Why Corporations Need to Worry About Phishing

Phishing is a relatively new form of online fraud that focuses on fooling the victim into providing sensitive financial or personal information to a bogus website that bears a significant resemblance to a tried and true online brand. Typically, the victim enters information into a form on the imposter site, which then relays the information to the fraudster.

To view examples of phishing emails go to:

* Citibank: www.ciphertrust.com/images/example_citibank.gif
* US Bank: www.ciphertrust.com/images/example_usbank.gif

Although this form of fraud is relatively new, its prevalence is exploding. From November 2003 to May 2004, phishing attacks increased by 4000%. Compounding the issue of increasing volume, response rates for phishing attacks are disturbingly high, sometimes as high as 5%, and the attacks are most effective against new internet users who are less sophisticated about spotting potential fraud in their inbox.

Corporations should be concerned with the following four issues:

* Protecting employees from fraud
* Reassuring and educating customers
* Protecting their brand
* Preventing network intrusions and dissemination of trade secrets

A failure to succeed in any of these areas could be catastrophic to a company's ability to function in the marketplace. If employees are not protected, the company could be held accountable for not putting protections in place to prevent fraud. If a hacker impersonates a company, then the company's reputation and brand may be tarnished or ruined because customers feel that they can no longer trust the organization with their sensitive information. And finally, the latest trend in phishing has been to socially engineer employees or business partners to divulge sensitive trade secrets to hackers. Employee login information getting into the wrong hands could have grave consequences once hackers are able to "log in" to an employee's network account using VPN or PC Anywhere software.

Protecting Employees from Phishing

One of the best ways to protect employees from phishing is to prevent spam from ever getting to the user's inbox. Since most phishing attacks proliferate through unsolicited e-mail, spam filtering technologies can be very effective at preventing the majority of phishing attempts.

New technologies are also available to help prevent phishing. One such technology offered as a standard by Microsoft and supported by CipherTrust is the Sender ID Framework (SIDF), which prevents spammers from obfuscating their IP address by verifying the source of each email.

Of course, spam filtering and SIDF cannot solve the problem entirely. Many phishing attacks are actually sent on an individual basis to users not protected by cutting edge spam detection technologies. Other attacks are distributed through online email accounts such as Yahoo! Mail, Gmail, MSN, and others. In short, technology alone cannot solve the phishing problem. Employees must be educated about phishing and how to spot fraudulent emails and websites.

Reassuring and Educating Customers

Once a consumer receives a fraudulent email that appears to come from a trusted company, he or she may never trust that company's email communications again. That is damage that is not easily undone. It is essential that organizations communicate openly and frequently about how customers can identify legitimate email communications, and the need to report fraudulent ones. For those organizations that frequently process consumer credit card transactions, it is recommended that a special section of the site be devoted to helping customers avoid fraud.

Companies that make efforts to educate their customers about phishing are much less attractive targets than those that make no efforts at all. Some examples of organizations that have developed extensive policies around this issue are:

* USBank
* Wells Fargo Bank
* eBay and PayPal
* Citibank

Protecting the Company Brand

Each time a phishing attack is launched, a legitimate company's trademark is tarnished and brand equity is eroded. The more attacks a company suffers, the less consumers feel they can trust the company's legitimate email communications or websites. The value of this trust is difficult to quantify, at least until a company begins to lose customers. When customers no longer trust the company's ability to protect their personal information, they often defect to competitors or opt to use more expensive commercial options such as telesales or retail locations.

Clearly, the goal is to convince the fraudsters that your customers will not fall for the scam. This is why having an obvious anti-phishing program that is public for all to see can be very effective. The fraudsters tend to follow the path of least resistance. Seeing that customers are well informed of how to avoid phishing attacks, the perpetrators simply turn their attention to other "softer" targets.

Preventing Network Intrusions and Dissemination of Trade Secrets

Employees must be educated not only about phishing generally, but also about how fraudsters might use social engineering and other methods to entice employees to divulge sensitive information to hackers outside the organization.

With little knowledge of an organization's business methods, hackers can easily distribute hundreds or even thousands of spoofed messages to an organization's employees. The messages may ask for network passwords and usernames, or may attempt to fool employees into providing sensitive information to competitors.

It is important to properly train employees about what information is appropriate to share through email, and specifically what steps employees should take if they are unsure about the authenticity of a request for information.

Information gleaned by fraudsters from corporate networks can be used in a variety of nefarious ways. In the financial services industry, criminals can use credit cards to deduct money straight from accounts of unsuspecting victims. Many other organizations hold private healthcare information, or personal financial information that could be used by criminals to extort payoffs from corporations wishing to avoid the bad publicity of a security breach becoming public knowledge.

Though deflecting this attack does involve a significant amount of education, providing content filtering on outbound e-mail traffic can flag suspicious communications. Using regular expressions to look for patterns such as social security numbers and account numbers can prevent a simple deception from becoming a major liability issue.
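One way to implement the outbound content check described above, as an added example that is not from the original article or from any CipherTrust product: it scans a message body for SSN-shaped strings and for card account numbers that pass the Luhn checksum, so that arbitrary digit runs such as order numbers are not flagged. The patterns, function names and sample messages are constructed for illustration.

```python
import re

# US SSN in the common dashed form; skips never-issued ranges
# (area 000, 666, 9xx; group 00; serial 0000) to cut false positives.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: discards digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_outbound(body: str) -> list:
    """Return (kind, masked_value) findings for one outbound message body."""
    findings = []
    for m in SSN_RE.finditer(body):
        # Mask before logging so the filter's own log is not a new leak.
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    return findings


# Constructed sample messages, not real data. 4111 1111 1111 1111 is a
# widely published test card number; 078-05-1120 is a long-retired SSN.
SAMPLES = {
    "reply-to-helpdesk": "Sure, my SSN is 078-05-1120 and card 4111 1111 1111 1111.",
    "invoice": "Order 1234567890123456 ships Monday, ref 123-45-678.",
    "lunch": "See you at 12:30, room 301-22.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        hits = scan_outbound(body)
        print(name, "QUARANTINE" if hits else "deliver", hits)
```

A flagged message would normally be held for review rather than silently dropped, since legitimate business mail sometimes carries these values.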

What to Do If You Are the Victim of a Phishing Scam

If you become aware of fraudsters imitating your organization to commit phishing fraud, you should:

* Immediately educate your customers on how they can correctly identify the phish

* Notify the authorities of your situation. Phishing fraudsters may have violated all or some of the following Federal Laws:

-- 18 U.S.C. 1028(a)(7) - Identity Theft
-- 18 U.S.C. 1343 - Wire Fraud
-- 18 U.S.C. 1029 - Credit-card Fraud
-- 18 U.S.C. 1344 - Bank Fraud
-- 18 U.S.C. 1030 (a)(4) - Computer Fraud
-- 18 U.S.C. 1037 - CAN-SPAM Act
-- 18 U.S.C. 1028(a)(5) - Damage to computer systems and files

* Prosecute the criminals: when spammers use your trademarks to commit fraud, they are violating U.S. Trademark laws as well as anti-fraud laws. Your organization has the right to defend its mark in court.

If you find that you are personally the victim of a phishing scam, then you should identify what information was compromised and then:

* If the fraudster obtained your Bank Account, Credit, ATM or Debit Card information:

-- Report the theft to your card issuer, and cancel the account

-- Check your statements for any unauthorized charges and follow up with your financial institution regarding their procedures for minimizing your liability to the charges

* If the fraudster has obtained your personal identification information:

-- Contact the credit reporting agencies:

   * Experian
   * Equifax
   * Trans Union

-- Request that a fraud alert be placed on your record

-- Request a copy of your credit report and follow up on any unauthorized credit inquiries

-- Request that unauthorized credit inquiries be erased from your record

-- Notify your bank of potential fraud

-- File a police report with your local police department

-- File a report with the Social Security Administration

-- Notify the Department of Motor Vehicles and determine if an unauthorized driver's license number has been issued in your name

-- Notify the Federal Trade Commission (www.ftc.gov)

-- File a complaint with the Internet Fraud Complaint Center (www.ifccfbi.gov/index.asp)

Additional Internet Fraud Sites:

* www.cybercrime.gov

* www.consumer.gov/idtheft/

* www.identity-theft-help.us/

* www.identitytheft.org/

* www.usdoj.gov/criminal/fraud/idtheft.html

* www.usdoj.gov/criminal/fraud/idquiz.html

* www.ifccfbi.gov/index.asp

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail, provides a best-of-breed defense against phishing attacks and other email-based threats. Learn more by visiting http://www.ciphertrust.com today.
