Tumbleweed: Anti-Phishing Working Group launch
How a threat was turned into an opportunity for TumbleweedSome issues require action rather than words. A new, pernicious form of fraud began sweeping the Internet two years ago and was one such issue demanding action for communications security company Tumbleweed. “Phishing” involves an email arriving in your Inbox, purporting to be from a bank or other trading institution, requesting that you go to a seemingly innocent website to update your banking details, give your credit card details, and so on.
Those details are then collected by fraudsters. The growth of the phishing phenomenon led Tumbleweed to establish an international industry body - The Anti-Phishing Working Group. The APWG includes major US banks, online retailers, the CIA, FBI and IT vendors as members. Its aim is to wipe out Internet scams and fraud.
Tumbleweed turned to Hotwire to launch the APWG in the UK and conduct a six-month strategic campaign. The UK APWG was launched at a closed meeting in London. Leading financial institutions including high street banks attended together with members of UK law enforcement and the Government.
The launch of the group formed the start of Hotwire’s campaign. Tumbleweed had two strategic objectives. The first was to position the company as the security industry expert on phishing. Its secondary objective was to position its Technical Director for EMEA David Brunswick as the leading commentator on the phishing issue in the UK.
The increasing prevalence of phishing had become a major concern for financial services companies, particularly those with major investments in online banking. Primarily, they were concerned that phishing might potentially draw customers away from online banking for fear of the security risks. A secondary concern related to compensation. Banks faced liabilities when a customer became the victim of a phishing attack. Although the inaugural APWG meeting was closed to the media, Hotwire conducted a series of briefings with key business, IT, national print and broadcast media in parallel, highlighting these issues with David Brunswick fronting the media tour.
The APWG had already developed a sophisticated programme of recording and analysing phishing attacks which was used to produce a monthly APWG report. Hotwire used that to provide an incentive to the media attending briefings. The report provided hard news and kept the issue high on the media agenda. For example, statistics from the APWG report in May 2004 revealed that the number of unique phishing attacks had increased by 4000%.
As a result of Hotwire’s campaign, Tumbleweed has come to own the phishing debate and is regularly called upon to comment on phishing as a communications security issue. Coverage of the campaign has appeared in IT Week, Computing, The Mail on Sunday, SC Magazine, Computer Weekly and broadcast coverage has included BBC Breakfast News. In total, the campaign reached 90% of the tier one media targeted.
Soeren Bech, Business Director for Tumbleweed EMEA, said of Hotwire’s campaign: “Phishing was, at the time, the biggest security story. It was a fantastic issue for Tumbleweed to hook into in order to increase our profile in the UK. Hotwire’s approach of building a thought leadership platform and positioning Tumbleweed as IT security experts was extremely successful in helping to meet our wider PR objectives. And as for quality of coverage – you can’t ask for better exposure than appearing on BBC Breakfast News.”
