Six Steps to Combat Online Corporate Identity Theft

Posing as a reputable company on the Internet is alarmingly simple. In fact, erecting a seemingly legitimate corporate Web page can be as straightforward as copying and pasting from the real thing. As a result, companies are increasingly falling victim to fraudsters using "spoofed" e-mails and Websites to dupe their customers into sharing credit card numbers and other personal information. These kinds of corporate identity attacks undermine customer confidence and loyalty, ultimately costing a business dearly in customer service issues, bad publicity and lost revenues.

The following are six steps to help manage the risk of corporate identity theft:

1. Harness your stakeholders to provide early warnings; implement a program that makes it easy for employees and customers to report any suspicious spam e-mails or Websites that they encounter. Employees, suppliers, distributors and even customers or investors can help a company monitor for Internet-based corporate identity attacks, sounding the alert in time to mitigate the damage.

2. Encourage your customers NEVER to click on links in e-mail. Customers should instead directly type or "bookmark" trusted Internet destinations. Spam e-mail can be easily altered so that it appears to have originated from a legitimate source, and can be practically indistinguishable from the real thing. Although many companies and organizations have tried to educate consumers on how to detect fraudulent e-mail, even experts can sometimes find it difficult.

3. Adopt a policy never to contact your customers via e-mail for any reason that would require them to share personal or account information and communicate the policy to customers. Acclimatizing customers to e-mail notifications makes them vulnerable to future identity theft attacks.

4. Make sure you're easy to find online. Promote your Website address and keep it simple to avoid typos and misspellings. Exert as much control over the customers' online experience as possible by trying not to rely on others to deliver your customers to your site. When customers attempt to locate your Website through vehicles such as search engines, partners or spam, it provides an opportunity for others to intercept them before they arrive.

5. Carefully manage your domain registrations and consider monitoring for new registrations that include your company name or trademarks. You may also want to register common typos or misspellings of your Website address before somebody else does. You can then automatically redirect wayward customers to the correct address.

6. Figure out your response to an attack BEFORE it happens. There are lots of resources to help you with your action plan. Many trade associations have formed committees and working groups to share best practices. It's also advisable to seek advice and establish relationships in advance with law enforcement and other parties who can help take down fraudulent sites if an attack occurs.

Adapted from "Defending the Brand: Aggressive Strategies for Protecting Your Brand in the Online Arena," by Brian Murray (AMACOM Books, 2003). Click here for more information about his and other AMACOM business titles.

To learn more about this topic, consider these AMA seminars:

• Effective E-mail Marketing
  
• Successful Product Management