| |
| |
|
Security Information |
|
|
|
Why Corporations Need to Worry About Phishing
Phishing is a relatively new form of online fraud that focuses on fooling the victim into providing sensitive financial or personal information to a bogus website that bears a significant resemblance to a tried and true online brand. Typically, the victim provides information into a form on the imposter site, which then relays the information to the fraudster. To view examples of phishing emails go to: * Citibank: www.ciphertrust.com/images/example_citibank.gif Although this form of fraud is relatively new, its prevalence is exploding. From November 2003 to May 2004, Phishing attacks increased by 4000%. Compounding the issue of increasing volume, response rates for phishing attacks are disturbingly high, sometimes as high as 5%, and are most effective against new internet users who are less sophisticated about spotting potential fraud in their inbox. Corporations should be concerned with the following four issues: * Protecting employees from fraud A failure to succeed in any of these areas could be catastrophic to a company's ability to function in the marketplace. If employees are not protected, the company could be held accountable for not putting protections in place to prevent fraud. If a hacker impersonates a company, then the company's reputation and brand may be tarnished or ruined because customers feel that they can no longer trust the organization with their sensitive information. And finally, the latest trend in phishing has been to socially engineer employees or business partners to divulge sensitive trade secrets to hackers. The implications of employee login information getting into the wrong hands could result in grave consequences once hackers are able to "log in" to an employee's network account using VPN or PC Anywhere software. Protecting Employees from Phishing One of the best ways to protect employees from Phishing is to prevent spam from ever getting to the user's inbox. Since most phishing attacks proliferate through unsolicited e-mail, spam filtering technologies can be very effective at preventing the majority of phishing attempts. New technologies are also available to help prevent phishing. One such technology offered as a standard by Microsoft and supported by CipherTrust is the Sender ID Framework (SIDF), which prevents spammers from obfuscating their IP address by verifying the source of each email. Of course, spam filtering and SIDF cannot solve the problem entirely. Many phishing attacks are actually sent on an individual basis to users not protected by cutting edge spam detection technologies. Other attacks are distributed through online email accounts such as Yahoo! Mail, Gmail, MSN, and others. In short, technology alone cannot solve the phishing problem. Employees must be educated about phishing and how to spot fraudulent emails and websites. Reassuring and Educating Customers Once a consumer receives a fraudulent email that appears to come from a trusted company, he or she may never trust that company's email communications again. That is damage that is not easily undone. It is essential that organizations communicate openly and frequently about how customers can identify legitimate email communications, and the need to report fraudulent ones. For those organizations that frequently process consumer credit card transactions, it is recommended that a special section of the site be devoted to helping customers avoid fraud. Companies that make efforts to educate their customers about phishing are much less attractive targets than those who make no efforts at all. Some examples of organizations that have developed extensive policies around this issue are: * USBank Protecting the Company Brand Each time a phishing attack is launched, a legitimate company's trademark is tarnished and brand equity is eroded. The more attacks a company suffers, the less consumers feel they can trust the company's legitimate email communications or websites. The value of this trust is difficult to quantify - at least until a company begins to lose customers. When customers no longer trust the company's ability to protect their personal information, they often defect to competitors or opt to use more expensive commercial options such as telesales or retail locations. Clearly, the goal is to convince the fraudsters that your customers will not fall for the scam. This is why having an obvious anti-phishing program that is public for all to see can be very effective. The fraudsters tend to follow the path of least resistance. Seeing that customers are well informed of how to avoid phishing attacks, the perpetrators simply turn their attention to other "softer" targets. Preventing Network Intrusions and Dissemination of Trade Secrets Employees must be educated not only about phishing generally, but also about how fraudsters might use social engineering and other methods to entice employees to divulge sensitive information to hackers outside the organization. With little knowledge of an organization's business methods, hackers can easily distribute hundreds or even thousands of spoofed messages to an organization's employees. The messages may ask for network passwords and usernames, or may attempt to fool employees into providing sensitive information to competitors. It is important to properly train employees about what information is appropriate to share through email, and specifically what steps employees should take if they are unsure about the authenticity of a request for information. Information gleaned by fraudsters from corporate networks can be used in a variety of nefarious ways. In the financial services industry, criminals can use credit cards to deduct money straight from accounts of unsuspecting victims. Many other organizations hold private healthcare information, or personal financial information that could be used by criminals to extort payoffs from corporations wishing to avoid the bad publicity of a security breach becoming public knowledge. Though deflecting this attack does involve a significant amount of education, providing content filtering on outbound e-mail traffic can flag suspicious communications. Looking for these regular expressions, like social security numbers and account numbers, can prevent a simple deception from becoming a major liability issue. What to Do If You Are the Victim of a Phishing Scam If you become aware of fraudsters imitating your organization to commit phishing fraud, you should: * Immediately educate your customers on how they can correctly identify the phish * Notify the authorities of your situation. Phishing Fraudsters may have violated all or some of the following Federal Laws: -- 18 U.S.C. 1028(a)(7) - Identity Theft * Prosecute the criminals - when Spammers use your trademarks to commit fraud, they are violating U.S. Trademark laws as well as anti-fraud laws. Your organization has the right to defend its mark in court. If you find that you are personally the victim of a phishing scam, then you should identify what information was compromised and then: * If the fraudster obtained your Bank Account, Credit, ATM or Debit Card information: -- Report the theft to your card issuer, and cancel the account -- Check your statements for any unauthorized charges and follow up with your financial institution regarding their procedures for minimizing your liability to the charges * If the fraudster has obtained your personal identification information -- Contact the credit reporting agencies: * Experian * Equifax * Trans Union -- Request that a fraud alert be placed on your record -- Request a copy of your credit report and follow up on any unauthorized credit inquiries -- Request that unauthorized credit inquiries be erased from your record -- Notify your bank of potential fraud -- File a police report with your local police department -- File a report with the Social Security Administration -- Notify the Department of Motor Vehicles and determine if an unauthorized driver's license number has been issued in your name -- Notify the Federal Trade Commission (www.ftc.gov) -- File a complaint with the Internet Fraud Complaint Center (www.ifccfbi.gov/index.asp). Additional Internet Fraud Sites: * www.cybercrime.gov * www.consumer.gov/idtheft/ * www.identity-theft-help.us/ * www.identitytheft.org/ * www.usdoj.gov/criminal/fraud/idtheft.html * www.usdoj.gov/criminal/fraud/idquiz.html * www.ifccfbi.gov/index.asp Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail provides a best of breed defense against phishing attacks and other email-based threats. Learn more by visiting http://www.ciphertrust.com today.
MORE RESOURCES:
Security - Google News |
|
|
|
RELATED ARTICLES
Reporting Internet Scams When it comes to reporting Internet scams most of us either don't have a clue who to contact or just ignore them in our email. But according to an FBI report in December 2004, nearly ten million people last year didn't ignore them and fell for the latest Internet scams. The Never Ending Spyware Story It's been with us since 1993, it's gotten more intrusive, more complicated.It's created a whole ecosystem, so to speak. Is Adware - Spyware Putting Your Privacy at Risk Do you sometimes notice your computer running slower. Is your computer acting strange almost like its possessed? Well, it just may be plagued with Spyware. Its War I Tell You! There are ways to insure security though. You can get the Windows Update CD from Microsoft and install that before you get online, You can also get most Antivirus Definitions downloaded and save them to disk, then install those before you go online, (of course you have to be using that Product in the first place), and you can get Anti-Spyware on a disk and do the same. Phishing - Learn To Identify It Phishing: (fish'ing) (n.)This is when someone sends you an email falsely claiming to be a legitimate business - like your bank or credit card company - in an attempt to scam you into giving them your personal, private information that they can use to access your accounts. Lottery Scam, What It is and how to Avoid It? Internet scams and frauds are on the rise! The quantity of scam emails with various fraud schemes any email account receives today is simply overwhelming! There is this infamous Nigerian 419 scam, which is by far the most widely circulated one. I wrote about it in one of our ezine articles not long ago. Why you Must Secure your Digital Product and Thank You Web Page A couple of years back, I paid my dues the 'hard way'.My web site was up and running, the sales letter had been 'crafted' with the most influential marketing techniques and the profits had been consistently coming-in, until. Is Shopping Online For Your Horse Gifts Safe? Shopping for horse gifts or other gift items on the internet is quick, convenient and is probably safer than you think. However, you still need to be aware that it is essential to vigorously protect your privacy and financial information when making purchases online. Is Spyware Watching You? Imagine my surprise when I received a phone call from a friend who told me he'd been the victim of a "spyware" attack that left him shaking at his loss of privacy.I listened to his horror story with a sympathetic ear, but I felt secure since I carry anti-virus software and a firewall (both by Norton). How To Give Away Your Personal Information Identity Theft and Your Personal Information -------------------------------------------- Identity theft is apparently the "in thing" these days. By media accounts, hackers and evildoers lurk everywhere trying to steal your personal information. Online Shoppers, Beware of a New Scam Beware of a New Scam Aimed at Bargain-HuntersTrying to buy something cheap is absolutely natural--and online crooks set traps for unwitting bargain-hunters. On April 6 Panda Software warned Internet users of a new particularly brazen scam aimed at stealing confidential information. Five Excellent Indie Encryption And Security Solutions You Have Not Heard About 1. Geek Superhero http://www. Top Five Online Scams The top five online scams on the Internet hit nearly ten million people last year according to an FBI report in December 2004. That figure doubled from 2003 to 2004 and people are continuing to fall for these email and identity theft scams. How To Prevent Spyware Attacking Your Computer Spyware is software or hardware installed on a computer without a user's knowledge. It gathers information and reports it back to its source. Spy Scanners - Don't Compromise your Privacy Spies, spyware, internet parasites are among what they are usually called. These are scouts that monitor your web activities. Phishing Recently I have received email from my bank/credit Card Company, eBay & pay pal saying that my account has possibly been compromised and I need to confirm my details and password in order to get continued access.Spam email now has a new and more frightening variant, it's called phishing and it has been made by criminals and hackers who aim at getting unwitting consumers to reveal account numbers and passwords. Top Ten Spyware and Adware Threats Identified On December 8, 2004 Webroot, an award winning anti-spyware solution provider, released a press release identifying the ten most significant emerging spyware and adware threats. Most of these you probably haven't heard of and a few may surprise you. Personal Firewalls for Home Users What is a Firewall?The term "firewall" illustrates a system that protects a network and the machines on them from various types of attack. Firewalls are geared towards keeping the server up all the time and protecting the entire network. The Important Steps To Protect Your Kids on the Internet Internet is the ocean of knowledge. In this ocean you will find beautiful pearls of knowledge. If You Steal It, They May Come! Business on the internet is getting down right shameless. This week, my email box was literally filled with hype, overly inflated promises, phish mail, scams, ezines I did not order, and about 14 viagra gimmicks.
|
| home | site map |
| © 2006 |
