Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/a26f9f83/public_html/articles/includes/config.php on line 159
Why Corporations Need to Worry About Phishing > NetSparsh - Viral Content you Love & Share

Why Corporations Need to Worry About Phishing

Phishing is a relatively new form of online fraud that focuses on fooling the victim into providing sensitive financial or personal information to a bogus website that bears a significant resemblance to a tried and true online brand. Typically, the victim provides information into a form on the imposter site, which then relays the information to the fraudster.

To view examples of phishing emails go to:

* Citibank: www.ciphertrust.com/images/example_citibank.gif
* US Bank: www.ciphertrust.com/images/example_usbank.gif

Although this form of fraud is relatively new, its prevalence is exploding. From November 2003 to May 2004, Phishing attacks increased by 4000%. Compounding the issue of increasing volume, response rates for phishing attacks are disturbingly high, sometimes as high as 5%, and are most effective against new internet users who are less sophisticated about spotting potential fraud in their inbox.

Corporations should be concerned with the following four issues:

* Protecting employees from fraud
* Reassuring and educating customers
* Protecting their brand
* Preventing network intrusions and dissemination of trade secrets

A failure to succeed in any of these areas could be catastrophic to a company's ability to function in the marketplace. If employees are not protected, the company could be held accountable for not putting protections in place to prevent fraud. If a hacker impersonates a company, then the company's reputation and brand may be tarnished or ruined because customers feel that they can no longer trust the organization with their sensitive information. And finally, the latest trend in phishing has been to socially engineer employees or business partners to divulge sensitive trade secrets to hackers. The implications of employee login information getting into the wrong hands could result in grave consequences once hackers are able to "log in" to an employee's network account using VPN or PC Anywhere software.

Protecting Employees from Phishing

One of the best ways to protect employees from Phishing is to prevent spam from ever getting to the user's inbox. Since most phishing attacks proliferate through unsolicited e-mail, spam filtering technologies can be very effective at preventing the majority of phishing attempts.

New technologies are also available to help prevent phishing. One such technology offered as a standard by Microsoft and supported by CipherTrust is the Sender ID Framework (SIDF), which prevents spammers from obfuscating their IP address by verifying the source of each email.

Of course, spam filtering and SIDF cannot solve the problem entirely. Many phishing attacks are actually sent on an individual basis to users not protected by cutting edge spam detection technologies. Other attacks are distributed through online email accounts such as Yahoo! Mail, Gmail, MSN, and others. In short, technology alone cannot solve the phishing problem. Employees must be educated about phishing and how to spot fraudulent emails and websites.

Reassuring and Educating Customers

Once a consumer receives a fraudulent email that appears to come from a trusted company, he or she may never trust that company's email communications again. That is damage that is not easily undone. It is essential that organizations communicate openly and frequently about how customers can identify legitimate email communications, and the need to report fraudulent ones. For those organizations that frequently process consumer credit card transactions, it is recommended that a special section of the site be devoted to helping customers avoid fraud.

Companies that make efforts to educate their customers about phishing are much less attractive targets than those who make no efforts at all. Some examples of organizations that have developed extensive policies around this issue are:

* USBank
* Wells Fargo Bank
* Ebay and PayPal
* Citibank

Protecting the Company Brand

Each time a phishing attack is launched, a legitimate company's trademark is tarnished and brand equity is eroded. The more attacks a company suffers, the less consumers feel they can trust the company's legitimate email communications or websites. The value of this trust is difficult to quantify ? at least until a company begins to lose customers. When customers no longer trust the company's ability to protect their personal information, they often defect to competitors or opt to use more expensive commercial options such as telesales or retail locations.

Clearly, the goal is to convince the fraudsters that your customers will not fall for the scam. This is why having an obvious anti-phishing program that is public for all to see can be very effective. The fraudsters tend to follow the path of least resistance. Seeing that customers are well informed of how to avoid phishing attacks, the perpetrators simply turn their attention to other "softer" targets.

Preventing Network Intrusions and Dissemination of Trade Secrets Employees must be educated not only about phishing generally, but also about how fraudsters might use social engineering and other methods to entice employees to divulge sensitive information to hackers outside the organization.

With little knowledge of an organization's business methods, hackers can easily distribute hundreds or even thousands of spoofed messages to an organization's employees. The messages may ask for network passwords and usernames, or may attempt to fool employees into providing sensitive information to competitors.

It is important to properly train employees about what information is appropriate to share through email, and specifically what steps employees should take if they are unsure about the authenticity of a request for information.

Information gleaned by fraudsters from corporate networks can be used in a variety of nefarious ways. In the financial services industry, criminals can use credit cards to deduct money straight from accounts of unsuspecting victims. Many other organizations hold private healthcare information, or personal financial information that could be used by criminals to extort payoffs from corporations wishing to avoid the bad publicity of a security breach becoming public knowledge.

Though deflecting this attack does involve a significant amount of education, providing content filtering on outbound e-mail traffic can flag suspicious communications. Looking for these regular expressions, like social security numbers and account numbers, can prevent a simple deception from becoming a major liability issue.

What to Do If You Are the Victim of a Phishing Scam If you become aware of fraudsters imitating your organization to commit phishing fraud, you should:

* Immediately educate your customers on how they can correctly identify the phish

* Notify the authorities of your situation. Phishing Fraudsters may have violated all or some of the following Federal Laws:

-- 18 U.S.C. 1028(a)(7) ? Identity Theft
-- 18 U.S.C. 1343 ? Wire Fraud
-- 18 U.S.C. 1029 ? Credit-card Fraud
-- 18 U.S.C. 1344 ? Bank Fraud
-- 18 U.S.C. 1030 (a)(4) ? Computer Fraud
-- 18 U.S.C. 1037 ? CAN-SPAM Act
-- 18 U.S.C. 1028(a)(5) ? Damage to computer systems and files

* Prosecute the criminals ? when Spammers use your trademarks to commit fraud, they are violating U.S. Trademark laws as well as anti-fraud laws. Your organization has the right to defend its mark in court.

If you find that you are personally the victim of a phishing scam, then you should identify what information was compromised and then:

* If the fraudster obtained your Bank Account, Credit, ATM or Debit Card information:

-- Report the theft to your card issuer, and cancel the account

-- Check your statements for any unauthorized charges and follow up with your financial institution regarding their procedures for minimizing your liability to the charges

* If the fraudster has obtained your personal identification information -- Contact the credit reporting agencies:

* Experian

* Equifax

* Trans Union -- Request that a fraud alert be placed on your record

-- Request a copy of your credit report and follow up on any unauthorized credit inquiries

-- Request that unauthorized credit inquiries be erased from your record

-- Notify your bank of potential fraud

-- File a police report with your local police department

-- File a report with the Social Security Administration

-- Notify the Department of Motor Vehicles and determine if an unauthorized driver's license number has been issued in your name

-- Notify the Federal Trade Commission (www.ftc.gov)

-- File a complaint with the Internet Fraud Complaint Center (www.ifccfbi.gov/index.asp). Additional Internet Fraud Sites:

* www.cybercrime.gov

* www.consumer.gov/idtheft/

* www.identity-theft-help.us/

* www.identitytheft.org/

* www.usdoj.gov/criminal/fraud/idtheft.html

* www.usdoj.gov/criminal/fraud/idquiz.html

* www.ifccfbi.gov/index.asp

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail provides a best of breed defense against phishing attacks and other email-based threats. Learn more by visiting http://www.ciphertrust.com today.

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

CNN

Kushner-Kelly divide deepens over security clearance overhaul
CNN
The dispute has deepened a growing rift between Kelly and Kushner, who initially welcomed the new system of rigor instituted by the chief of staff but has since grown frustrated by what he views as attempts to limit his access to the President. Kelly ...
Kushner Resists Losing Access as Kelly Tackles Security Clearance ...New York Times
White House: New security-clearance policy won't affect Jared KushnerLos Angeles Times
Jared Kushner Is About To Lose His Security Clearance—And He Isn't Happy About ItNewsweek
HuffPost -USA TODAY -Business Insider -CNN
all 131 news articles »

BBC News

Young Brits 'lack cyber-security awareness'
BBC News
More than 52% of Britons aged 18-25 are using the same password for lots of online services, suggests a survey. By doing so they make it easy for hackers to hijack accounts, warned the UK government's Cyber Aware campaign. The danger was acute because ...

and more »

Knoxville News Sentinel

Knox Schools security supervisor 'didn't hear' phone during probe of Holston threat, chief says
Knoxville News Sentinel
A Knox County Schools security supervisor who was phoned “numerous times” by law enforcement and his own dispatcher as authorities raced to investigate a report of a possible planned shooting at Holston Middle School “didn't hear his phone,” his boss ...

and more »

Knoxville News Sentinel

Ex-Knox schools security officers sue over lost jobs
Knoxville News Sentinel
The lawsuit takes primary aim at Gus Paidousis, the school system's chief of security and a former Knoxville Police Department deputy chief. He replaced Steve Griffin, the longtime security chief, who retired after questions arose about Griffin's ...


CBS News

Mass shooting plot at SoCal high school allegedly thwarted by alert security guard
CBS News
WHITTIER, Calif. -- Authorities say they've thwarted a student's plot for a mass shooting at a Southern California high school. The Los Angeles County Sheriff's Department said Tuesday that a security guard at El Camino High School in Whittier overhead ...
Whittier School Shooting Plot Thwarted by Security Guard, Authorities SayNBC Southern California

all 18 news articles »

Washington Post

Abbas, Haley exchange strong criticism over Middle East at UN Security Council
Washington Post
With President Trump's Middle East peace envoys looking on, Palestinian Authority President Mahmoud Abbas on Tuesday accused the Trump administration of abdicating its commitment to a peace settlement and an independent Palestinian state. Abbas, the ...
WATCH LIVE: PA President Mahmoud Abbas addresses UN Security CouncilThe Jerusalem Post

all 332 news articles »

Toledo Blade

Police: Teenage boy stabs Washington Local security officer
Toledo Blade
A 13-year-old student is accused of stabbing a Washington Local Schools security officer Tuesday at Jefferson Junior High School. Toledo police are investigating the incident that occurred about 9:43 a.m. Craig Hanna, 57, told police he heard a knock ...
Teenager arrested after trying to stab WLS security officer13abc Action News

all 3 news articles »

Foreign Policy (blog)

At the Munich Security Conference, the United States Lacked Bravery and Leadership
Foreign Policy (blog)
To its credit, the Donald Trump administration sent an impressive team to Munich: Secretary of Defense James Mattis, national security advisor H.R. McMaster, Deputy Secretary of State John Sullivan, and Director of National Intelligence Dan Coats ...

and more »

Washington Examiner

Push for armed security in schools, same protection for 'money in a bank'
Washington Examiner
The nation's 10th largest school system this week will be urged to consider revamping security in the wake of last week's Florida school shooting rampage to include adding more armed protection in all schools. “Are our kids important enough to protect ...


The Verge

Google discloses another Windows 10 security flaw before a patch is ready
The Verge
Google disclosed a flaw in Microsoft Edge earlier this week, after Microsoft failed to patch the bug in time. Now Google's Project Zero team of security researchers are disclosing yet another Windows 10 security flaw that Microsoft has again failed to ...
Google discloses a "high" severity security flaw in Windows 10 [Update]Neowin

all 14 news articles »
Google News

The Top Twelve Threats No Computer User Should Ignore

The internet is undoubtedly a fantastic resource for families and... Read More

Eliminate Adware and Spyware

Everyone should eliminate spyware and adware from your hard drive... Read More

Internet Privacy

Over the past few years as the internet has become... Read More

Is Your Email Private? Part 1 of 3

In a word, no - an email message has always... Read More

Protecting Your Children On The Internet

If you are a parent, as am I, I think... Read More

Clown Internet Scam - An Internet Scam is Currently Targeting Clowns and Other Entertainers

I am the victim of an internet scam. It is... Read More

Internet Identity Theft - How You Can Shield Yourself

With the advent of the World Wide Web, a whole... Read More

Internet/Network Security

Abstract Homogeneous symmetries and congestion control have garnered limited interest... Read More

Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge

Is your enterprise following the rules?The bulk of financial information... Read More

Crack The Code - Thats A Direct Challenge

I Challenge You To Crack The Code ------------------------------------- I had... Read More

Spyware Protection Software

Spyware protection software is the easiest way of removing spyware... Read More

Whats All This I Hear About Firewalls?

At this point, if you've got the whole "turning the... Read More

Internet Small Business and Fraud

Be careful of sites that promise to send you "instant... Read More

Free Spyware Removal - Its Not As Easy As It Sounds

Nobody wants to pay to remove spyware. At the very... Read More

SPYWARE - Whos Watching Who?

I am in the midst of Oscar Wilde's The Picture... Read More

Information Security for E-businessmen: Just a Couple of Ideas

If you constantly deal with bank or electronic accounts, it... Read More

Identity Theft -- 10 Simple Ways to Protect Your Good Name!

Identity Theft is one of the most serious problems facing... Read More

Web Conferencing Readers - So What Do We Do with the PAYPAL SPAMMER

From: "Paypal Security" Subject: New Security Requirements Date: Tue, 26... Read More

Online Shoppers, Beware of a New Scam

Beware of a New Scam Aimed at Bargain-HuntersTrying to buy... Read More

3 Pervasive Phishing Scams

Scams involving email continue to plague consumers across America, indeed... Read More

Spyware is Not Like a Nosy Neighbor

Remember the television show about the nosy neighbor Mrs. Kravitz... Read More

I Spy...Something Terribly Wrong (In Your Computer)

This really chapped my lips...I recently bought a new computer.... Read More

Phishing, Fraudulent, and Malicious Websites

Whether we like it or not, we are all living... Read More

Why you Must Secure your Digital Product and Thank You Web Page

A couple of years back, I paid my dues the... Read More

Why Corporations Need to Worry About Phishing

Phishing is a relatively new form of online fraud that... Read More