Why Corporations Need to Worry About Phishing
Phishing is a relatively new form of online fraud that focuses on fooling the victim into providing sensitive financial or personal information to a bogus website that bears a significant resemblance to a tried and true online brand. Typically, the victim provides information into a form on the imposter site, which then relays the information to the fraudster.
To view examples of phishing emails go to:
* Citibank: www.ciphertrust.com/images/example_citibank.gif
* US Bank: www.ciphertrust.com/images/example_usbank.gif
Although this form of fraud is relatively new, its prevalence is exploding. From November 2003 to May 2004, Phishing attacks increased by 4000%. Compounding the issue of increasing volume, response rates for phishing attacks are disturbingly high, sometimes as high as 5%, and are most effective against new internet users who are less sophisticated about spotting potential fraud in their inbox.
Corporations should be concerned with the following four issues:
* Protecting employees from fraud
* Reassuring and educating customers
* Protecting their brand
* Preventing network intrusions and dissemination of trade secrets
A failure to succeed in any of these areas could be catastrophic to a company's ability to function in the marketplace. If employees are not protected, the company could be held accountable for not putting protections in place to prevent fraud. If a hacker impersonates a company, then the company's reputation and brand may be tarnished or ruined because customers feel that they can no longer trust the organization with their sensitive information. And finally, the latest trend in phishing has been to socially engineer employees or business partners to divulge sensitive trade secrets to hackers. The implications of employee login information getting into the wrong hands could result in grave consequences once hackers are able to "log in" to an employee's network account using VPN or PC Anywhere software.
Protecting Employees from Phishing
One of the best ways to protect employees from Phishing is to prevent spam from ever getting to the user's inbox. Since most phishing attacks proliferate through unsolicited e-mail, spam filtering technologies can be very effective at preventing the majority of phishing attempts.
New technologies are also available to help prevent phishing. One such technology offered as a standard by Microsoft and supported by CipherTrust is the Sender ID Framework (SIDF), which prevents spammers from obfuscating their IP address by verifying the source of each email.
Of course, spam filtering and SIDF cannot solve the problem entirely. Many phishing attacks are actually sent on an individual basis to users not protected by cutting edge spam detection technologies. Other attacks are distributed through online email accounts such as Yahoo! Mail, Gmail, MSN, and others. In short, technology alone cannot solve the phishing problem. Employees must be educated about phishing and how to spot fraudulent emails and websites.
Reassuring and Educating Customers
Once a consumer receives a fraudulent email that appears to come from a trusted company, he or she may never trust that company's email communications again. That is damage that is not easily undone. It is essential that organizations communicate openly and frequently about how customers can identify legitimate email communications, and the need to report fraudulent ones. For those organizations that frequently process consumer credit card transactions, it is recommended that a special section of the site be devoted to helping customers avoid fraud.
Companies that make efforts to educate their customers about phishing are much less attractive targets than those who make no efforts at all. Some examples of organizations that have developed extensive policies around this issue are:
* USBank
* Wells Fargo Bank
* Ebay and PayPal
* Citibank
Protecting the Company Brand
Each time a phishing attack is launched, a legitimate company's trademark is tarnished and brand equity is eroded. The more attacks a company suffers, the less consumers feel they can trust the company's legitimate email communications or websites. The value of this trust is difficult to quantify ? at least until a company begins to lose customers. When customers no longer trust the company's ability to protect their personal information, they often defect to competitors or opt to use more expensive commercial options such as telesales or retail locations.
Clearly, the goal is to convince the fraudsters that your customers will not fall for the scam. This is why having an obvious anti-phishing program that is public for all to see can be very effective. The fraudsters tend to follow the path of least resistance. Seeing that customers are well informed of how to avoid phishing attacks, the perpetrators simply turn their attention to other "softer" targets.
Preventing Network Intrusions and Dissemination of Trade Secrets Employees must be educated not only about phishing generally, but also about how fraudsters might use social engineering and other methods to entice employees to divulge sensitive information to hackers outside the organization.
With little knowledge of an organization's business methods, hackers can easily distribute hundreds or even thousands of spoofed messages to an organization's employees. The messages may ask for network passwords and usernames, or may attempt to fool employees into providing sensitive information to competitors.
It is important to properly train employees about what information is appropriate to share through email, and specifically what steps employees should take if they are unsure about the authenticity of a request for information.
Information gleaned by fraudsters from corporate networks can be used in a variety of nefarious ways. In the financial services industry, criminals can use credit cards to deduct money straight from accounts of unsuspecting victims. Many other organizations hold private healthcare information, or personal financial information that could be used by criminals to extort payoffs from corporations wishing to avoid the bad publicity of a security breach becoming public knowledge.
Though deflecting this attack does involve a significant amount of education, providing content filtering on outbound e-mail traffic can flag suspicious communications. Looking for these regular expressions, like social security numbers and account numbers, can prevent a simple deception from becoming a major liability issue.
What to Do If You Are the Victim of a Phishing Scam If you become aware of fraudsters imitating your organization to commit phishing fraud, you should:
* Immediately educate your customers on how they can correctly identify the phish
* Notify the authorities of your situation. Phishing Fraudsters may have violated all or some of the following Federal Laws:
-- 18 U.S.C. 1028(a)(7) ? Identity Theft
-- 18 U.S.C. 1343 ? Wire Fraud
-- 18 U.S.C. 1029 ? Credit-card Fraud
-- 18 U.S.C. 1344 ? Bank Fraud
-- 18 U.S.C. 1030 (a)(4) ? Computer Fraud
-- 18 U.S.C. 1037 ? CAN-SPAM Act
-- 18 U.S.C. 1028(a)(5) ? Damage to computer systems and files
* Prosecute the criminals ? when Spammers use your trademarks to commit fraud, they are violating U.S. Trademark laws as well as anti-fraud laws. Your organization has the right to defend its mark in court.
If you find that you are personally the victim of a phishing scam, then you should identify what information was compromised and then:
* If the fraudster obtained your Bank Account, Credit, ATM or Debit Card information:
-- Report the theft to your card issuer, and cancel the account
-- Check your statements for any unauthorized charges and follow up with your financial institution regarding their procedures for minimizing your liability to the charges
* If the fraudster has obtained your personal identification information -- Contact the credit reporting agencies:
* Experian
* Equifax
* Trans Union -- Request that a fraud alert be placed on your record
-- Request a copy of your credit report and follow up on any unauthorized credit inquiries
-- Request that unauthorized credit inquiries be erased from your record
-- Notify your bank of potential fraud
-- File a police report with your local police department
-- File a report with the Social Security Administration
-- Notify the Department of Motor Vehicles and determine if an unauthorized driver's license number has been issued in your name
-- Notify the Federal Trade Commission (www.ftc.gov)
-- File a complaint with the Internet Fraud Complaint Center (www.ifccfbi.gov/index.asp). Additional Internet Fraud Sites:
* www.cybercrime.gov
* www.consumer.gov/idtheft/
* www.identity-theft-help.us/
* www.identitytheft.org/
* www.usdoj.gov/criminal/fraud/idtheft.html
* www.usdoj.gov/criminal/fraud/idquiz.html
* www.ifccfbi.gov/index.asp
Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail provides a best of breed defense against phishing attacks and other email-based threats. Learn more by visiting http://www.ciphertrust.com today.
Press Trust of India, India - Oct 9, 2008
New York, Oct 10 (PTI) The US' National Security Agency's (NSA) intercept operators spent their time eavesdropping on saucy conversations between Americans ...
Inside Operation Highlander: the NSA's Wiretapping of Americans ... Wired News
Will Senate actually investigate NSA spying on Americans? CNET News
US Spies on Americans Intimate Calls Islam Online
New York Times - The Miami Heraldall 147 news articles
MarketWatch - 15 hours ago
Security experts predict over 25000 new threats per hour by 2015, lengthening a security provider's "time to protect" -- the overall time it takes for ...
San Jose Mercury News, USA - 6 hours ago
Beyond these three storage techniques, I also tried something else for people who want plug-in computer security: the $149 Yoggie Gatekeeper Pico. ...
Reuters - 12 hours ago
Frances Townsend, who chaired the Homeland Security Council from 2004 until January this year, said it was vital that the campaigns of presidential ...
Boston Globe
The Associated Press - Oct 9, 2008
The New York Times based its findings on reviews of state records and Social Security data, and said it had identified apparent problems in Colorado, ...
Colorado to Review How It Purges Voters’ Names New York Times
Battle For The West: Voter Roll Purges in CO and NV, State ... Huffington Post
Some Indiana, Michigan voters may have trouble after voter purge WSBT-TV
News & Observer - New York Timesall 670 news articles
MarketWatch - Oct 9, 2008
reported today that it has established Security California Bancorp, a California corporation and bank holding company. As a result of this transaction, ...
BBC News
Xinhua, China - 2 hours ago
According to Zahar, the agreement was aimed at "forming a government of national understating and reform the security services in Gaza Strip and in West ...
Preparing to fail Al-Ahram Weekly
Hamas bomb factory found in West Bank: Fatah AFP
Israel shuts all West Bank crossings Garowe Online
International Middle East Media Center - Ynetnewsall 842 news articles
CEP News
Forbes, NY - 11 hours ago
The low marked Ford's lowest share price since May 31, 1983, according to the Center for Research in Security Prices at the University of Chicago. ...
GM shares fall 30 percent after S&P statement The Associated Press
GM shares tumble to 58-year low International Herald Tribune
GM, Ford stocks screech to record lows Detroit Free Press
DetNews.com - USA Todayall 127 news articles
MarketWatch - 13 hours ago
Security Bank of California Forward Looking Statement Disclaimer - General Form This release may contain forward-looking statements that are subject to ...
RTT News, NY - 10 hours ago
OB: News ) said Friday it reached an agreement with its preferred investors on a restructuring of their security. The restructuring follows the recently ...
Devcon International Corp. Announces Signing of Restructuring ... MarketWatch
all 30 news articles
Click Here To Defeat Evil
Microsoft routinely releases new security updates, many of which are given it's highest severity rating... Read More
Secure Your PC From Hackers, Viruses, and Trojans
Viruses, Trojans and Spyware: Protecting yourself.No user on the internet is safe from assault. Viruses,... Read More
Check Out That Privacy Policy
Before you enter your name, address or any other data in that form, STOP! Wait.... Read More
Is Your Email Private? Part 1 of 3
In a word, no - an email message has always been nothing more than a... Read More
Parental Control - Dangers To Your Child Online & Internet Child Safety Tips
Did you know...? 1 in 5 children who use computer chatrooms has been approached over... Read More
The Saga of the Annoying Adware
When we think of adware, what comes to mind are those annoying and pesky ads... Read More
How Spyware Blaster Can Protect Your Computer From Harm
By browsing a web page, you could infect your computer with spy ware, ad ware,... Read More
Internet Identity Theft - How You Can Shield Yourself
With the advent of the World Wide Web, a whole new breed of criminals have... Read More
Avoiding Scams: If It Sounds Too Good to Be True, It Probably Is
A week or so ago, I received an inquiry from a man in Indonesia about... Read More
Is Shopping Online For Your Horse Gifts Safe?
Shopping for horse gifts or other gift items on the internet is quick, convenient and... Read More
Dialing Up a Scam: Avoiding the Auto-Dialer Virus
For many, the daily walk to the mailbox evokes mixed... Read More
Top Five Online Scams
The top five online scams on the Internet hit nearly... Read More
IPv6 - Next Step In IP Security
IPv6, IntroductionThe high rate at wich the internet continualy evolves... Read More
Just Whos Computer is this Anyway?
Well, this is an article I never thought I would... Read More
Five Excellent Indie Encryption And Security Solutions You Have Not Heard About
1. Geek Superhero http://www.deprice.com/geeksuperhero.htmGeek Superhero watches your computer for changes,... Read More
Avoid Internet Theft, Fraud and Phishing
Since its birth, the Internet has grown and expanded to... Read More
Message Board Security Problems
Security leaks can be a big problem for any site... Read More
Eliminate Adware and Spyware
Everyone should eliminate spyware and adware from your hard drive... Read More
5 Simple Steps to Protect your Digital Downloads
A couple of days ago, I was searching for a... Read More
8 Surefire Ways to Spot an EBAY Scam E-Mail and Protect Yourself from Identity Theft
Ebay is a great site and is used by many... Read More
Reporting Internet Scams
When it comes to reporting Internet scams most of us... Read More
Temporary Internet Files - the Good, the Bad, and the Ugly
A little bit of time invested into learning about internet... Read More
Watching the Watchers: Detection and Removal of Spyware
If spyware were a person and he set himself up... Read More
Network Security 101
As more people are logging onto the Internet everyday, Network... Read More
Personal Firewalls for Home Users
What is a Firewall?The term "firewall" illustrates a system that... Read More
Is Shopping Online For Your Horse Gifts Safe?
Shopping for horse gifts or other gift items on the... Read More
Crack The Code - Thats A Direct Challenge
I Challenge You To Crack The Code ------------------------------------- I had... Read More
Avoiding Scams: If It Sounds Too Good to Be True, It Probably Is
A week or so ago, I received an inquiry from... Read More
Make Money Online - Defend Against The Latest Scam
First, let's do a little recap'. As I stated in... Read More
Spyware Programs Are Out To Get You!
The average computer is packed with hidden software that can... Read More
Another Fine Mess!
I'm in the Anti-Spyware business, and I'm doing a lot... Read More
Top Five Spyware Fighting Tips
Spyware and adware are becoming major problems for online surfers... Read More
Spyware Protection Software
Spyware protection software is the easiest way of removing spyware... Read More
Detect Spyware Online
You can detect spyware online using free spyware cleaners and... Read More
How to Fight Spyware
If you are wondering how to fight spyware for safe... Read More
Internet Security |