• Subscribe   
  • Subscribe   

Killing email wont stop phishing: here's why...

Kill Phishing, not Email

Anyone who works in the email space knows that phishing is one of the biggest security threats organizations face. It’s been that way for a long time and the situation hardly seems to be getting better.

In large part, that’s down to the fact that it’s also probably the hardest form of threat to counteract. After all, it doesn’t target technological vulnerabilities, but human beings. All it takes is one person not paying full attention to an email and an entire organization can be breached.

Given the cost and damage that a breach can cause, it would be wonderful if there was a bullet-proof way of preventing phishing.

Over the years, there have been a few suggestions around how to do this. One of the latest is that organizations, and banks in particular, should simply kill email as a form of communication.

In an article published on Tomorrow’s Transactions, Hyperion Consult Director, Dave Birch says: ”It’s time to move to conversational commerce based on messaging and forget about the bad old days of insecure, spam-filled, fraudophilic (and frankly passé) email”.

As alluring as Birch’s nuclear logic might seem, killing email as a form of business to customer communication simply isn’t advisable or able.

Email is the most powerful weapon banks have in their arsenal

Email is ubiquitous

4.2-billion people are set to have email accounts by 2022 — and email offers the highest return per marketing dollar spent.

It also has cross-generational appeal

%

Of Teens

%

Of Millennials

68% of teens and 73% of Millennials consider email their preferred communication medium when communicating with brands.

Small wonder then that a recent Wall Street Journal article labelled email as *the* hot new channel for reaching people and the only guaranteed-delivery option the Internet has left.

Even if killing email didn’t come with such pitfalls, it is still likely to be entirely futile

Without email, tech savvy criminals would increasingly turn their attention to ways of intercepting your bank app connections and applying social engineering tactics to fool you into providing details over other channels. The crime will just move neighbourhoods. At least with email we have 30 years of knowledge of the process, pitfalls and safeguards

Fraudsters would keep using email, safe in the knowledge that a percentage of customers would still assume email communication from their bank to be legitimate.

So, where does that leave banks in the war against phishing?

From a technical perspective, their security teams can use SPF, DKIM and DMARC, all of which go a long way to securing the email channel.

Consistency in the form, format and security features of each and every email that leaves the organization is also a key way of weeding out the knock-offs, spoofs and phishing scams.

But by far the most powerful thing they can do is educate their customers.

This means keeping customers up to date with the latest messaging used in phishing attacks, as well as reminding them what the organization will never ask them to do in an email.

Anti-phishing messaging needs to be consistent and communicated across multiple channels (including your app). If your messaging isn’t consistent, then people can quickly forget what to look out for and slip back into risky habits.

It’s also vital that the educational messaging is accessible to the entire customer base. Eliminate the jargon and technical speak, or risk people switching off and not digesting whatever it is you’re trying to tell them.

There are a number of ways to combat phishing, but to suggest that a bank (or any organization for that matter) kill email, simply isn’t feasible.

Did you enjoy the read? Then be sure to subscribe to our blog to receive more great posts from our expert bloggers.

By submitting your details via this form, you are consenting that we receive and store your information for the exclusive purpose of sending you email communications.
  • We will not share or publish your information or process it for any other reason.
  • You may stop your email subscription at any time by using the unsubscribe link provided in the footer of our email communications. Thereafter, we will store your details as a record of the beginning and end of your subscription.
  • Please find additional information in our Privacy policy.
View our Terms of use | Protected by reCAPTCHA.

Do you need a digital partner that understands security and data protection?

By submitting your details via this form, you are consenting that we receive and store your information for the exclusive purpose of contacting you.
  • We will not share or publish your information or process it for any other reason.
  • Once your request is fulfilled, we will either delete your information or request your consent for further processing.
  • Please find additional information in our Privacy policy.
View our Terms of use | Protected by reCAPTCHA.

Michael Wright

Michael Wright

Chief Executive Officer at Striata

Michael is the founder and CEO of Striata. A Chartered Accountant by profession, he started his career at PwC where he was responsible for Internet Strategy & Services and Business Information Services. The technology bug having firmly bit, he moved to VWV Interactive as Managing Director before establishing Striata in 1999.

He was the founder of the South African chapter of First Tuesday, the "Global Thought Leadership Network". As Striata's CEO, Wright is responsible for the company’s vision, direction and the business’ global expansion.

Read more of Michael's blog posts here or connect with him on the following social channels: