Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/a26f9f83/public_html/articles/includes/config.php on line 159
Why Corporations Need to Worry About Phishing > NetSparsh - Viral Content you Love & Share

Why Corporations Need to Worry About Phishing

Phishing is a relatively new form of online fraud that focuses on fooling the victim into providing sensitive financial or personal information to a bogus website that bears a significant resemblance to a tried and true online brand. Typically, the victim provides information into a form on the imposter site, which then relays the information to the fraudster.

To view examples of phishing emails go to:

* Citibank: www.ciphertrust.com/images/example_citibank.gif
* US Bank: www.ciphertrust.com/images/example_usbank.gif

Although this form of fraud is relatively new, its prevalence is exploding. From November 2003 to May 2004, Phishing attacks increased by 4000%. Compounding the issue of increasing volume, response rates for phishing attacks are disturbingly high, sometimes as high as 5%, and are most effective against new internet users who are less sophisticated about spotting potential fraud in their inbox.

Corporations should be concerned with the following four issues:

* Protecting employees from fraud
* Reassuring and educating customers
* Protecting their brand
* Preventing network intrusions and dissemination of trade secrets

A failure to succeed in any of these areas could be catastrophic to a company's ability to function in the marketplace. If employees are not protected, the company could be held accountable for not putting protections in place to prevent fraud. If a hacker impersonates a company, then the company's reputation and brand may be tarnished or ruined because customers feel that they can no longer trust the organization with their sensitive information. And finally, the latest trend in phishing has been to socially engineer employees or business partners to divulge sensitive trade secrets to hackers. The implications of employee login information getting into the wrong hands could result in grave consequences once hackers are able to "log in" to an employee's network account using VPN or PC Anywhere software.

Protecting Employees from Phishing

One of the best ways to protect employees from Phishing is to prevent spam from ever getting to the user's inbox. Since most phishing attacks proliferate through unsolicited e-mail, spam filtering technologies can be very effective at preventing the majority of phishing attempts.

New technologies are also available to help prevent phishing. One such technology offered as a standard by Microsoft and supported by CipherTrust is the Sender ID Framework (SIDF), which prevents spammers from obfuscating their IP address by verifying the source of each email.

Of course, spam filtering and SIDF cannot solve the problem entirely. Many phishing attacks are actually sent on an individual basis to users not protected by cutting edge spam detection technologies. Other attacks are distributed through online email accounts such as Yahoo! Mail, Gmail, MSN, and others. In short, technology alone cannot solve the phishing problem. Employees must be educated about phishing and how to spot fraudulent emails and websites.

Reassuring and Educating Customers

Once a consumer receives a fraudulent email that appears to come from a trusted company, he or she may never trust that company's email communications again. That is damage that is not easily undone. It is essential that organizations communicate openly and frequently about how customers can identify legitimate email communications, and the need to report fraudulent ones. For those organizations that frequently process consumer credit card transactions, it is recommended that a special section of the site be devoted to helping customers avoid fraud.

Companies that make efforts to educate their customers about phishing are much less attractive targets than those who make no efforts at all. Some examples of organizations that have developed extensive policies around this issue are:

* USBank
* Wells Fargo Bank
* Ebay and PayPal
* Citibank

Protecting the Company Brand

Each time a phishing attack is launched, a legitimate company's trademark is tarnished and brand equity is eroded. The more attacks a company suffers, the less consumers feel they can trust the company's legitimate email communications or websites. The value of this trust is difficult to quantify ? at least until a company begins to lose customers. When customers no longer trust the company's ability to protect their personal information, they often defect to competitors or opt to use more expensive commercial options such as telesales or retail locations.

Clearly, the goal is to convince the fraudsters that your customers will not fall for the scam. This is why having an obvious anti-phishing program that is public for all to see can be very effective. The fraudsters tend to follow the path of least resistance. Seeing that customers are well informed of how to avoid phishing attacks, the perpetrators simply turn their attention to other "softer" targets.

Preventing Network Intrusions and Dissemination of Trade Secrets Employees must be educated not only about phishing generally, but also about how fraudsters might use social engineering and other methods to entice employees to divulge sensitive information to hackers outside the organization.

With little knowledge of an organization's business methods, hackers can easily distribute hundreds or even thousands of spoofed messages to an organization's employees. The messages may ask for network passwords and usernames, or may attempt to fool employees into providing sensitive information to competitors.

It is important to properly train employees about what information is appropriate to share through email, and specifically what steps employees should take if they are unsure about the authenticity of a request for information.

Information gleaned by fraudsters from corporate networks can be used in a variety of nefarious ways. In the financial services industry, criminals can use credit cards to deduct money straight from accounts of unsuspecting victims. Many other organizations hold private healthcare information, or personal financial information that could be used by criminals to extort payoffs from corporations wishing to avoid the bad publicity of a security breach becoming public knowledge.

Though deflecting this attack does involve a significant amount of education, providing content filtering on outbound e-mail traffic can flag suspicious communications. Looking for these regular expressions, like social security numbers and account numbers, can prevent a simple deception from becoming a major liability issue.

What to Do If You Are the Victim of a Phishing Scam If you become aware of fraudsters imitating your organization to commit phishing fraud, you should:

* Immediately educate your customers on how they can correctly identify the phish

* Notify the authorities of your situation. Phishing Fraudsters may have violated all or some of the following Federal Laws:

-- 18 U.S.C. 1028(a)(7) ? Identity Theft
-- 18 U.S.C. 1343 ? Wire Fraud
-- 18 U.S.C. 1029 ? Credit-card Fraud
-- 18 U.S.C. 1344 ? Bank Fraud
-- 18 U.S.C. 1030 (a)(4) ? Computer Fraud
-- 18 U.S.C. 1037 ? CAN-SPAM Act
-- 18 U.S.C. 1028(a)(5) ? Damage to computer systems and files

* Prosecute the criminals ? when Spammers use your trademarks to commit fraud, they are violating U.S. Trademark laws as well as anti-fraud laws. Your organization has the right to defend its mark in court.

If you find that you are personally the victim of a phishing scam, then you should identify what information was compromised and then:

* If the fraudster obtained your Bank Account, Credit, ATM or Debit Card information:

-- Report the theft to your card issuer, and cancel the account

-- Check your statements for any unauthorized charges and follow up with your financial institution regarding their procedures for minimizing your liability to the charges

* If the fraudster has obtained your personal identification information -- Contact the credit reporting agencies:

* Experian

* Equifax

* Trans Union -- Request that a fraud alert be placed on your record

-- Request a copy of your credit report and follow up on any unauthorized credit inquiries

-- Request that unauthorized credit inquiries be erased from your record

-- Notify your bank of potential fraud

-- File a police report with your local police department

-- File a report with the Social Security Administration

-- Notify the Department of Motor Vehicles and determine if an unauthorized driver's license number has been issued in your name

-- Notify the Federal Trade Commission (www.ftc.gov)

-- File a complaint with the Internet Fraud Complaint Center (www.ifccfbi.gov/index.asp). Additional Internet Fraud Sites:

* www.cybercrime.gov

* www.consumer.gov/idtheft/

* www.identity-theft-help.us/

* www.identitytheft.org/

* www.usdoj.gov/criminal/fraud/idtheft.html

* www.usdoj.gov/criminal/fraud/idquiz.html

* www.ifccfbi.gov/index.asp

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail provides a best of breed defense against phishing attacks and other email-based threats. Learn more by visiting http://www.ciphertrust.com today.

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

NPR

Hacks, Security Gaps And Oligarchs: The Business Of Voting Comes Under Scrutiny
NPR
"Election officials have been doing a ton around election security, but if that same thing isn't going on at the vendor level, then that creates a really big potential vulnerability for the entire system," said Edgardo Cortéz, an election security ...

and more »

WOAI

Security guard nearly run over after stumbling onto drug deal
WOAI
SAN ANTONIO - A security guard is nearly run over after breaking up a drug deal on Perrin Central near Perrin Beitel and Wurzbach Parkway. Police said that about 1 a.m. Friday the guard saw four people in the parking lot of the Oak Springs Apartments ...

and more »

Politico

NSA: Security breaches of hacking tools curtailed snooping
Politico
The National Security Agency shut down expensive and vital operations as a result of top secret information being spirited out of its headquarters by a fired NSA computer engineer who claims he took the sensitive records home to work on bolstering his ...


Mashable

A woman accosted a security guard with a fanny pack containing a pigeon
Mashable
A well-planned surprise can be an absolute joy. A surprise birthday party? So much fun! An unexpected gift? Yes, please! A surprise pigeon? Hard pass. Following an altercation with employees at a Social Security Administration office in Virginia on ...
Woman hits security guard with fanny pack containing pigeon, police sayMyPalmBeachPost
Woman pulls knife on security guard, hits him with fanny pack that had pigeon insideWashington Post
Woman pulls knife on security guard, then hits him with bag that had pigeon insideThe Independent

all 37 news articles »

WIRED

Clouldflare and Google Will Help Sync the Internet's Clocks—and Make You Safer
WIRED
The internet's decentralized nature means that the clocks behind every web browser and web application can actually have major discrepancies, which in turn can undermine security protections. In a step toward addressing these inconsistencies, the ...


The Verge

Amazon is turning the Echo into a security system
The Verge
Amazon is adding a few new features to the Echo that turn it into one of the basic pieces of a smart security system. Since Echo speakers are always listening, they'll be able to start listening for the sound of broken glass, or for a smoke or carbon ...
Alexa Guard turns Echo products into security devicesTechCrunch
Alexa Guard makes your Echo a home security deviceEngadget
ADT and Amazon Team Up to Provide Customers With New Home Security FeaturesNasdaq

all 2,304 news articles »

USA TODAY

Terrorism task force investigating 'security breach' at Orlando Melbourne airport
USA TODAY
MELBOURNE, Fla. – The Joint Terrorism Task Force is overseeing the investigation into an overnight incident involving a man suspected of hopping a fence at the Orlando Melbourne International Airport and boarding a vacant American Airlines Airbus in a ...
Student with pilot's license arrested after security breach at Melbourne International AirportWFTV Orlando
Orlando Melbourne International Airport security breach: What we knowFlorida Today
Officials ID student pilot accused of breaching Florida airport securityNews 13 Orlando
SpaceCoastDaily.com -Palm Beach Post -Florida Today
all 1,042 news articles »

The State of NAIC's Data Security Model Law
Insurance Journal
Most states have yet to adopt a cyber security model law for the insurance industry like the one approved by the National Association of Insurance Commissioners in 2017, but one expert believes the industry should be prepared for what he sees as an ...


ZDNet

SingHealth data breach reveals several 'inadequate' security measures
ZDNet
Investigation into Singapore's most severe cybersecurity breach has uncovered several poor security practices, including the use of weak administrative passwords and unpatched workstations. The findings were revealed on the first day of hearings led by ...

and more »

CIO

Pentagon CIOs struggle with legacy tech, security. Sound familiar?
CIO
Flanders, CIO of the Defense Health Agency, is gearing up to consolidate control over the Pentagon's sprawling network of treatment centers, in the process centralizing a far-flung set of IT operations that raise a host of security and device ...

Google News

Fishing for Fortunes. Scam!

Spelt phishing, but pronounced as above, this despicable act is... Read More

Securities

NETWORK SECURITIES: IMPORTANCE OF SECURITIESComputers and securities must form a... Read More

Spyware Programs Are Out To Get You!

The average computer is packed with hidden software that can... Read More

Computer Viruses and Other Nasties: How to Protect Your Computer from These Invaders

Can you protect your computer from all possible viruses and... Read More

Consumers: Shop Online and Get Information Safely

Do you really have to know how feeds work? Not... Read More

DOS Attacks: Instigation and Mitigation

During the release of a new software product specialized to... Read More

Be Alert! Others Can Catch Your Money Easily!

So called phishers try to catch the information about the... Read More

Online Shoppers, Beware of a New Scam

Beware of a New Scam Aimed at Bargain-HuntersTrying to buy... Read More

The Bad Guys Are Phishing For Your Personal Information

Do you know what "phishing" is?No, it doesn't mean you... Read More

Is The Internet Over Regulated

Today's Internet or World Wide Web is being over regulated.But,... Read More

Everything You Need To Know About Spyware and Malware

You are at your computer, checking out software on EBay.... Read More

Network Security 101

As more people are logging onto the Internet everyday, Network... Read More

How to Fight Spyware

If you are wondering how to fight spyware for safe... Read More

Temporary Internet Files - the Good, the Bad, and the Ugly

A little bit of time invested into learning about internet... Read More

Its War I Tell You!

There are ways to insure security though. You can get... Read More

Identity Theft Article ? A Phisher Is Trying To Steal Your Identity!

Sooner or later everyone with an email account will receive... Read More

Beware of Imitations! Security, Internet Scams, and the African Real Estate Agenda

Fishing on the Internet has come a long way. However,... Read More

7 Ways to Spot a PayPal Scam E-Mail

Paypal is a great site and is used by many... Read More

Information Security for E-businessmen: Just a Couple of Ideas

If you constantly deal with bank or electronic accounts, it... Read More

3 Things You Must Know About Spyware

1)Spyware is on your system. Like it or not, statistically... Read More

Spyware ? Your Web Browser is the Culprit!

My first experience with a spyware BHO based infection was... Read More

8 Surefire Ways to Spot an E-Mail Identity Theft Scam!

The E-Mail Identity Theft Scam is running Rampant. These E-Mail... Read More

Adware and Spyware: The Problems and Their Solutions

The Threat10 years ago you could probably have run no... Read More

Wireless Network Security

Working from home has its advantages, including no commute, a... Read More

Personal Firewalls - Secure Your Computer

There has not been a time in the history of... Read More