Anti-Phishing Tips for Businesses

Businesses are no doubt suffering from crooks impersonating them. If a bank or credit card company uses email for account reminders, and a customer grows accustomed to getting them, sooner or later that customer will fall for a scam message slipped in among the real ones. eBay is a big player that knows this, which is why it rolled out an internal messaging system. The pursuit of “e-safe” customer relations need not stop there.

Ernst & Young and Truste have teamed up on a whitepaper entitled “How Not To Look Like A Phish”. In it they discuss some of the ways businesses can help their customers in the phishing wars by exercising some “best practices” on their end.

The guide includes the following recommendations:

– Stop using instant messaging and e-mail to collect information, unless the contact is initiated by the customer.

– Never use an urgent, threatening, or time-sensitive tone.

– Explicitly spell out Web site links and keep the links as straightforward and descriptive as possible. Don’t hyperlink words like “click here”, which are commonly used to mask false Web site addresses.

– Personalize customer e-mail with non-threatening personal data like a first name so recipients know that the e-mail is coming from a company that knows them.

– Direct customers to respond via your main home page as much as possible.

– Protect your name by checking for unauthorized Web sites that use variations of your company name.

– Authenticate your Web sites using digital certificates.

– Be clear in communicating your anti-phishing strategy to customers.
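
The recommendation to spell out Web site links can be enforced before a customer e-mail is sent. The following is an added example, not taken from the whitepaper: a Python check that flags links in an outbound HTML template whose visible text is generic, does not show an address, or shows a different host than the one the link actually opens. The phrase list, the function names and the example.com sample are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumed list of generic anchor phrases; extend it for your own templates.
GENERIC_TEXT = {"click here", "here", "log in", "verify", "update"}
# Visible text that is itself an address, e.g. "https://www.example.com/billing".
URL_LIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def lint_links(html):
    """Return (href, text, problem) for each link that breaks the guideline."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()  # where the link really goes
        shown = URL_LIKE.match(text)                    # address the reader sees, if any
        if text.lower() in GENERIC_TEXT:
            findings.append((href, text, "generic link text hides the address"))
        elif not shown:
            findings.append((href, text, "address is not spelled out"))
        elif shown.group(1).lower() != host:
            findings.append((href, text, "displayed address differs from href"))
    return findings

# Constructed sample template; example.com and example.net are placeholder domains.
SAMPLE = (
    '<p>Hi Dana: <a href="https://www.example.com/billing">https://www.example.com/billing</a></p>'
    '<p><a href="https://www.example.com/billing">Click here</a> to pay.</p>'
    '<p><a href="https://pay.example.net/x">www.example.com/billing</a></p>'
)
```

Running `lint_links(SAMPLE)` passes the first link and reports the other two; a template that produces any finding would be held back for rewording before it goes out.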

You can grab the whitepaper in Acrobat format here.
