Why Corporations Need to Worry About Phishing
Phishing is a relatively new form of online fraud that focuses on fooling the victim into providing sensitive financial or personal information to a bogus website that bears a significant resemblance to a tried and true online brand. Typically, the victim enters information into a form on the imposter site, which then relays the information to the fraudster.
To view examples of phishing emails go to:
* Citibank: www.ciphertrust.com/images/example_citibank.gif
Although this form of fraud is relatively new, its prevalence is exploding. From November 2003 to May 2004, phishing attacks increased by 4000%. Compounding the issue of increasing volume, response rates for phishing attacks are disturbingly high, sometimes as high as 5%, and the attacks are most effective against new internet users who are less sophisticated about spotting potential fraud in their inbox.
Corporations should be concerned with the following four issues:
* Protecting employees from fraud
A failure to succeed in any of these areas could be catastrophic to a company's ability to function in the marketplace. If employees are not protected, the company could be held accountable for not putting protections in place to prevent fraud. If a hacker impersonates a company, then the company's reputation and brand may be tarnished or ruined because customers feel that they can no longer trust the organization with their sensitive information. And finally, the latest trend in phishing has been to socially engineer employees or business partners to divulge sensitive trade secrets to hackers. Employee login information getting into the wrong hands could have grave consequences once hackers are able to "log in" to an employee's network account using VPN or PC Anywhere software.
Protecting Employees from Phishing
One of the best ways to protect employees from phishing is to prevent spam from ever getting to the user's inbox. Since most phishing attacks proliferate through unsolicited e-mail, spam filtering technologies can be very effective at preventing the majority of phishing attempts.
New technologies are also available to help prevent phishing. One such technology offered as a standard by Microsoft and supported by CipherTrust is the Sender ID Framework (SIDF), which prevents spammers from obfuscating their IP address by verifying the source of each email.
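The following is an added illustration, not code from CipherTrust or Microsoft, of the kind of source verification Sender ID performs: pick the message's purported responsible address, then compare the connecting IP with the record that domain publishes. It is deliberately simplified (only `ip4` and `all` mechanisms, records held in a dictionary instead of DNS); the domains, addresses, messages and function names are constructed for the example.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for DNS TXT lookups (documentation domains and IP ranges).
TXT_RECORDS = {"bank.example": "spf2.0/pra ip4:192.0.2.0/24 -all"}

# Header precedence for the Purported Responsible Address (simplified from RFC 4407).
PRA_HEADERS = ("Resent-Sender", "Resent-From", "Sender", "From")
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def purported_responsible_domain(raw_message):
    """Return the domain of the first PRA header present, or None."""
    msg = message_from_string(raw_message)
    for name in PRA_HEADERS:
        value = msg.get(name)
        if value:
            addr = parseaddr(value)[1]
            return addr.rsplit("@", 1)[1].lower() if "@" in addr else None
    return None

def sender_id_check(raw_message, connecting_ip, records=TXT_RECORDS):
    """Check the connecting IP against the PRA domain's published record."""
    domain = purported_responsible_domain(raw_message)
    terms = records.get(domain, "").split()
    if not terms or not terms[0].lower().startswith("spf2.0/"):
        return "none"  # domain publishes no Sender ID record
    if "pra" not in terms[0].lower().split("/", 1)[1].split(","):
        return "none"  # record does not cover the PRA identity
    ip = ipaddress.ip_address(connecting_ip)
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        if mech.lower() == "all":
            return RESULTS[qualifier]
        if mech.lower().startswith("ip4:"):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return RESULTS[qualifier]
        # Other mechanisms (a, mx, include, ...) need live DNS and are skipped here.
    return "neutral"

# Constructed messages: the real sender, a spoof of the same From, and a relayed copy.
GENUINE = "From: Alerts <alerts@bank.example>\nSubject: Statement\n\nYour statement is ready."
SPOOFED = "From: Alerts <alerts@bank.example>\nSubject: Verify now\n\nConfirm your account."
RELAYED = "Sender: owner@lists.example\nFrom: alerts@bank.example\n\nForwarded notice."

if __name__ == "__main__":
    print(sender_id_check(GENUINE, "192.0.2.25"))
    print(sender_id_check(SPOOFED, "203.0.113.9"))
    print(sender_id_check(RELAYED, "198.51.100.7"))
```

The relayed message shows the limit of the check: the verdict applies to the domain in the `Sender` header, so a domain that publishes no record yields no verdict even though the `From` line names the bank.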
Of course, spam filtering and SIDF cannot solve the problem entirely. Many phishing attacks are actually sent on an individual basis to users not protected by cutting edge spam detection technologies. Other attacks are distributed through online email accounts such as Yahoo! Mail, Gmail, MSN, and others. In short, technology alone cannot solve the phishing problem. Employees must be educated about phishing and how to spot fraudulent emails and websites.
Reassuring and Educating Customers
Once a consumer receives a fraudulent email that appears to come from a trusted company, he or she may never trust that company's email communications again. That is damage that is not easily undone. It is essential that organizations communicate openly and frequently about how customers can identify legitimate email communications, and the need to report fraudulent ones. For those organizations that frequently process consumer credit card transactions, it is recommended that a special section of the site be devoted to helping customers avoid fraud.
Companies that make efforts to educate their customers about phishing are much less attractive targets than those who make no efforts at all. Some examples of organizations that have developed extensive policies around this issue are:
Protecting the Company Brand
Each time a phishing attack is launched, a legitimate company's trademark is tarnished and brand equity is eroded. The more attacks a company suffers, the less consumers feel they can trust the company's legitimate email communications or websites. The value of this trust is difficult to quantify - at least until a company begins to lose customers. When customers no longer trust the company's ability to protect their personal information, they often defect to competitors or opt to use more expensive commercial options such as telesales or retail locations.
Clearly, the goal is to convince the fraudsters that your customers will not fall for the scam. This is why having an obvious anti-phishing program that is public for all to see can be very effective. The fraudsters tend to follow the path of least resistance. Seeing that customers are well informed of how to avoid phishing attacks, the perpetrators simply turn their attention to other "softer" targets.
Preventing Network Intrusions and Dissemination of Trade Secrets
Employees must be educated not only about phishing generally, but also about how fraudsters might use social engineering and other methods to entice employees to divulge sensitive information to hackers outside the organization.
With little knowledge of an organization's business methods, hackers can easily distribute hundreds or even thousands of spoofed messages to an organization's employees. The messages may ask for network passwords and usernames, or may attempt to fool employees into providing sensitive information to competitors.
It is important to properly train employees about what information is appropriate to share through email, and specifically what steps employees should take if they are unsure about the authenticity of a request for information.
Information gleaned by fraudsters from corporate networks can be used in a variety of nefarious ways. In the financial services industry, criminals can use credit cards to deduct money straight from accounts of unsuspecting victims. Many other organizations hold private healthcare information, or personal financial information that could be used by criminals to extort payoffs from corporations wishing to avoid the bad publicity of a security breach becoming public knowledge.
Although deflecting this kind of attack takes a significant amount of education, content filtering on outbound e-mail traffic can flag suspicious communications. Matching outbound messages against regular expressions for patterns such as social security numbers and account numbers can prevent a simple deception from becoming a major liability issue.
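An added sketch of such an outbound content filter (not taken from any product named in this article): it matches social security number patterns and, as one assumed kind of account number, payment card numbers confirmed with the Luhn checksum to reduce false positives. The sample messages and function names are constructed for the example.

```python
import re

# US SSN written as AAA-GG-SSSS, excluding area/group/serial values never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_valid(digits):
    """Luhn checksum: separates real card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(value):
    """Keep only the last four digits so the filter log does not leak the data."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]

def scan_outbound(body):
    """Return (kind, masked value) for each sensitive pattern in a message body."""
    findings = [("ssn", mask(m.group())) for m in SSN_RE.finditer(body)]
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if luhn_valid(digits):
            findings.append(("card", mask(digits)))
    return findings

def verdict(body):
    """Hold the message for review if anything sensitive was found."""
    return "quarantine" if scan_outbound(body) else "deliver"

# Constructed samples: a reply to a spoofed "IT helpdesk" request, and routine mail.
# The SSN is a well-known invalidated specimen; the card is a standard test number.
LEAK = "As requested, my SSN is 078-05-1120 and the card is 4111 1111 1111 1111."
BENIGN = "Tracking number 1234567890123456, invoice dated 2004-05-17."

if __name__ == "__main__":
    for body in (LEAK, BENIGN):
        print(verdict(body), scan_outbound(body))
```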
What to Do If You Are the Victim of a Phishing Scam
If you become aware of fraudsters imitating your organization to commit phishing fraud, you should:
* Immediately educate your customers on how they can correctly identify the phish
* Notify the authorities of your situation. Phishing Fraudsters may have violated all or some of the following Federal Laws:
-- 18 U.S.C. 1028(a)(7) - Identity Theft
* Prosecute the criminals - when Spammers use your trademarks to commit fraud, they are violating U.S. Trademark laws as well as anti-fraud laws. Your organization has the right to defend its mark in court.
If you find that you are personally the victim of a phishing scam, then you should identify what information was compromised and then:
* If the fraudster obtained your Bank Account, Credit, ATM or Debit Card information:
-- Report the theft to your card issuer, and cancel the account
-- Check your statements for any unauthorized charges and follow up with your financial institution regarding their procedures for minimizing your liability to the charges
* If the fraudster has obtained your personal identification information:
-- Contact the credit reporting agencies:
   * Trans Union
-- Request that a fraud alert be placed on your record
-- Request a copy of your credit report and follow up on any unauthorized credit inquiries
-- Request that unauthorized credit inquiries be erased from your record
-- Notify your bank of potential fraud
-- File a police report with your local police department
-- File a report with the Social Security Administration
-- Notify the Department of Motor Vehicles and determine if an unauthorized driver's license number has been issued in your name
-- Notify the Federal Trade Commission (www.ftc.gov)
-- File a complaint with the Internet Fraud Complaint Center (www.ifccfbi.gov/index.asp)
Additional Internet Fraud Sites:
Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail, provides a best of breed defense against phishing attacks and other email-based threats. Learn more by visiting http://www.ciphertrust.com today.