In most phishing attacks, there is some form of deception being attempted, to get you to trust the sender and take an action that benefits the attacker. In many cases, the attacker is impersonating somebody you trust.

One of the most frustrating aspects of phishing is the fact that the person or entity being impersonated almost never knows about the attack when it is happening. The first instinct for many recipients of these messages, once they realize they have been tricked, is to complain to the apparent sender, holding them somewhat responsible. Regardless of whether or not you consider this to be a fair accusation, the victim now persistently associates the scam with the entity that was being impersonated in the phishing email.

I have seen a number of large organizations funnel these kinds of complaints to their IT department for action. Inevitably, the IT security team says, “Sorry, these attacks don’t touch our networks, and we have no way to detect or respond to them.”

What this means is that impersonation attacks that target customers or partners of an organization are really a public relations problem. Your PR organization should be briefed on the increasing reputational risks from impersonation phishing and social engineering scams. 

The proper remedial action is to run a proactive public messaging campaign for your clients, along with an awareness program that teaches them how to spot scams that try to trick them, usually into paying money or clicking on links or attachments that download ransomware.

Tip for Employees:

When you hear about clients who fall for scams that impersonate your organization, don’t just shrug and say, “Well, there’s nothing we can do about that.” These attacks can hurt your organization’s reputation, even if they don’t touch your network. You should try to work with your management team to identify how you can help educate clients to avoid becoming victims.

Tip for Managers:

By showing leadership and innovation in helping clients defend against cyber threats, your organization may be able to turn a potentially negative situation into a good story that it can share.
