Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/a26f9f83/public_html/articles/includes/config.php on line 159
Why Corporations Need to Worry About Phishing > NetSparsh - Viral Content you Love & Share

Why Corporations Need to Worry About Phishing

Phishing is a relatively new form of online fraud that focuses on fooling the victim into providing sensitive financial or personal information to a bogus website that bears a significant resemblance to a tried and true online brand. Typically, the victim provides information into a form on the imposter site, which then relays the information to the fraudster.

To view examples of phishing emails go to:

* Citibank: www.ciphertrust.com/images/example_citibank.gif
* US Bank: www.ciphertrust.com/images/example_usbank.gif

Although this form of fraud is relatively new, its prevalence is exploding. From November 2003 to May 2004, Phishing attacks increased by 4000%. Compounding the issue of increasing volume, response rates for phishing attacks are disturbingly high, sometimes as high as 5%, and are most effective against new internet users who are less sophisticated about spotting potential fraud in their inbox.

Corporations should be concerned with the following four issues:

* Protecting employees from fraud
* Reassuring and educating customers
* Protecting their brand
* Preventing network intrusions and dissemination of trade secrets

A failure to succeed in any of these areas could be catastrophic to a company's ability to function in the marketplace. If employees are not protected, the company could be held accountable for not putting protections in place to prevent fraud. If a hacker impersonates a company, then the company's reputation and brand may be tarnished or ruined because customers feel that they can no longer trust the organization with their sensitive information. And finally, the latest trend in phishing has been to socially engineer employees or business partners to divulge sensitive trade secrets to hackers. The implications of employee login information getting into the wrong hands could result in grave consequences once hackers are able to "log in" to an employee's network account using VPN or PC Anywhere software.

Protecting Employees from Phishing

One of the best ways to protect employees from Phishing is to prevent spam from ever getting to the user's inbox. Since most phishing attacks proliferate through unsolicited e-mail, spam filtering technologies can be very effective at preventing the majority of phishing attempts.

New technologies are also available to help prevent phishing. One such technology offered as a standard by Microsoft and supported by CipherTrust is the Sender ID Framework (SIDF), which prevents spammers from obfuscating their IP address by verifying the source of each email.

Of course, spam filtering and SIDF cannot solve the problem entirely. Many phishing attacks are actually sent on an individual basis to users not protected by cutting edge spam detection technologies. Other attacks are distributed through online email accounts such as Yahoo! Mail, Gmail, MSN, and others. In short, technology alone cannot solve the phishing problem. Employees must be educated about phishing and how to spot fraudulent emails and websites.

Reassuring and Educating Customers

Once a consumer receives a fraudulent email that appears to come from a trusted company, he or she may never trust that company's email communications again. That is damage that is not easily undone. It is essential that organizations communicate openly and frequently about how customers can identify legitimate email communications, and the need to report fraudulent ones. For those organizations that frequently process consumer credit card transactions, it is recommended that a special section of the site be devoted to helping customers avoid fraud.

Companies that make efforts to educate their customers about phishing are much less attractive targets than those who make no efforts at all. Some examples of organizations that have developed extensive policies around this issue are:

* USBank
* Wells Fargo Bank
* Ebay and PayPal
* Citibank

Protecting the Company Brand

Each time a phishing attack is launched, a legitimate company's trademark is tarnished and brand equity is eroded. The more attacks a company suffers, the less consumers feel they can trust the company's legitimate email communications or websites. The value of this trust is difficult to quantify ? at least until a company begins to lose customers. When customers no longer trust the company's ability to protect their personal information, they often defect to competitors or opt to use more expensive commercial options such as telesales or retail locations.

Clearly, the goal is to convince the fraudsters that your customers will not fall for the scam. This is why having an obvious anti-phishing program that is public for all to see can be very effective. The fraudsters tend to follow the path of least resistance. Seeing that customers are well informed of how to avoid phishing attacks, the perpetrators simply turn their attention to other "softer" targets.

Preventing Network Intrusions and Dissemination of Trade Secrets Employees must be educated not only about phishing generally, but also about how fraudsters might use social engineering and other methods to entice employees to divulge sensitive information to hackers outside the organization.

With little knowledge of an organization's business methods, hackers can easily distribute hundreds or even thousands of spoofed messages to an organization's employees. The messages may ask for network passwords and usernames, or may attempt to fool employees into providing sensitive information to competitors.

It is important to properly train employees about what information is appropriate to share through email, and specifically what steps employees should take if they are unsure about the authenticity of a request for information.

Information gleaned by fraudsters from corporate networks can be used in a variety of nefarious ways. In the financial services industry, criminals can use credit cards to deduct money straight from accounts of unsuspecting victims. Many other organizations hold private healthcare information, or personal financial information that could be used by criminals to extort payoffs from corporations wishing to avoid the bad publicity of a security breach becoming public knowledge.

Though deflecting this attack does involve a significant amount of education, providing content filtering on outbound e-mail traffic can flag suspicious communications. Looking for these regular expressions, like social security numbers and account numbers, can prevent a simple deception from becoming a major liability issue.

What to Do If You Are the Victim of a Phishing Scam If you become aware of fraudsters imitating your organization to commit phishing fraud, you should:

* Immediately educate your customers on how they can correctly identify the phish

* Notify the authorities of your situation. Phishing Fraudsters may have violated all or some of the following Federal Laws:

-- 18 U.S.C. 1028(a)(7) ? Identity Theft
-- 18 U.S.C. 1343 ? Wire Fraud
-- 18 U.S.C. 1029 ? Credit-card Fraud
-- 18 U.S.C. 1344 ? Bank Fraud
-- 18 U.S.C. 1030 (a)(4) ? Computer Fraud
-- 18 U.S.C. 1037 ? CAN-SPAM Act
-- 18 U.S.C. 1028(a)(5) ? Damage to computer systems and files

* Prosecute the criminals ? when Spammers use your trademarks to commit fraud, they are violating U.S. Trademark laws as well as anti-fraud laws. Your organization has the right to defend its mark in court.

If you find that you are personally the victim of a phishing scam, then you should identify what information was compromised and then:

* If the fraudster obtained your Bank Account, Credit, ATM or Debit Card information:

-- Report the theft to your card issuer, and cancel the account

-- Check your statements for any unauthorized charges and follow up with your financial institution regarding their procedures for minimizing your liability to the charges

* If the fraudster has obtained your personal identification information -- Contact the credit reporting agencies:

* Experian

* Equifax

* Trans Union -- Request that a fraud alert be placed on your record

-- Request a copy of your credit report and follow up on any unauthorized credit inquiries

-- Request that unauthorized credit inquiries be erased from your record

-- Notify your bank of potential fraud

-- File a police report with your local police department

-- File a report with the Social Security Administration

-- Notify the Department of Motor Vehicles and determine if an unauthorized driver's license number has been issued in your name

-- Notify the Federal Trade Commission (www.ftc.gov)

-- File a complaint with the Internet Fraud Complaint Center (www.ifccfbi.gov/index.asp). Additional Internet Fraud Sites:

* www.cybercrime.gov

* www.consumer.gov/idtheft/

* www.identity-theft-help.us/

* www.identitytheft.org/

* www.usdoj.gov/criminal/fraud/idtheft.html

* www.usdoj.gov/criminal/fraud/idquiz.html

* www.ifccfbi.gov/index.asp

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail provides a best of breed defense against phishing attacks and other email-based threats. Learn more by visiting http://www.ciphertrust.com today.

In The News:


Forbes

A Security CEO and Two Hackers on Building a Safer Internet, Powered by a Community of Hackers
Forbes
In recent years technology has become an increasing mainstay of businesses in how they present their products and engage their customers. The net effect of this is more and more companies building internal software engineering teams (or depending on ...

and more »

New York Times

Security Officers Fired for United Airlines Dragging Episode
New York Times
Two airport security officers in Chicago have been fired for their roles in an episode in which a screaming passenger was violently dragged from a United Airlines flight in April — an act that was captured on video, sending the airline into a public ...
Chicago fires 2 security officers in United Airlines passenger dragging caseCBS News

all 59 news articles »

snopes.com (blog)

Is the Mandalay Bay Security Guard 'Missing'?
snopes.com (blog)
In the days following the 1 October 2017 mass shooting in Las Vegas, various conspiratorial web sites and Internet personalities began casting aspersions on a wounded Mandalay Bay security guard, falsely claiming he was an “accomplice” to gunman ...
Jesus Campos, Vegas security guard shot before rampage, appears to have vanishedLos Angeles Times
LA Times: The Mandalay Bay Security Guard Has Apparently Vanished UPDATE: MGM Knows Where He IsTownhall
Security Experts Predict Changes in the Wake of Las Vegas MassacreNBCNews.com
Fox5NY -Daily Mail -Fox News
all 98 news articles »

TechCrunch

BuddyGuard raises €3.4M for its home security camera powered by AI
TechCrunch
BuddyGuard, the Berlin startup behind the Flare AI-powered home security camera, has raised €3.4 million in new funding, money it plans to use to ramp up marketing of the newly-launched device. Leading the round is German electrical specialist Bachmann ...

and more »

Ars Technica

Google now offers special security program for high-risk users
Ars Technica
Today, Google rolled out a new program called Advanced Protection for personal Google accounts, intended to provide much higher account security to users of services like Gmail and Drive who are at a high risk of being targeted by phishers, hackers ...
Gmail will add security features for targets of hackersNew York Post
Google is rolling out advanced Gmail security for government officials and journalistsCNBC
If you're willing to trade ease-of-use for security, Google has a new feature for youQuartz
The Hill -TechCrunch -Engadget
all 84 news articles »

Bloomberg

Haley to Press UN Security Council on Iran After Trump Decision
Bloomberg
Haley, the U.S. ambassador to the United Nations, will use a Wednesday Security Council meeting on “the situation in the Middle East" to once again take on Tehran's ballistic-missile program and its support for Hezbollah and Syrian ruler Bashar Al ...

and more »

RadioFreeEurope/RadioLiberty

Bombing Targets Pakistani Security Forces, Killing At Least Seven
RadioFreeEurope/RadioLiberty
Pakistani officials say a bomb attack on the outskirts of the southwestern city of Quetta has killed at least six members of the country's security forces and one civilian. The Pakistani Taliban, a militant group fighting Pakistan's government, claimed ...

and more »

KRACK WiFi Security Fixes Are Coming, But You Need to Take Control
ConsumerReports.org
The revelation this week that a serious security flaw could affect WiFi networks in homes and businesses highlights how tough it can be for consumers to keep vital technology updated with secure software. Millions of households rely on wireless routers ...

and more »

Bloomberg

Homeland Security Must Reveal Why It Ended 'Dreamers' Policy
Bloomberg
A federal judge in San Francisco who is overseeing five lawsuits challenging the September announcement to end Deferred Action for Childhood Arrivals, or DACA, said Tuesday that Homeland Security must turn over all emails, letters, memos, notes and ...

and more »
Google News

Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking

Airport Menace: The Wireless Peeping Tom ---------------------------------------- As a network... Read More

Lets Talk About Antivirus Software!

Nowadays more and more people are using a computer. A... Read More

I Spy...Something Terribly Wrong (In Your Computer)

This really chapped my lips...I recently bought a new computer.... Read More

Dont be a Dork ? Protect Yourself

There are folks out there who use their powers for... Read More

Be Alert! Others Can Catch Your Money Easily!

So called phishers try to catch the information about the... Read More

Steganography ? The Art Of Deception & Concealment

The Message Must Get Through ----------------------------- The year is 300A.D.,... Read More

Avoiding Scams: If It Sounds Too Good to Be True, It Probably Is

A week or so ago, I received an inquiry from... Read More

How Did This Happen to Me? Top 10 Ways to Get Spyware or Viruses on Your Computer

If you use the internet, you have probably been infected... Read More

Identity Theft - Dont Blame The Internet

Identity theft ? also known as ID theft, identity fraud... Read More

Watch Out For That Scam

The IFCC (Internet Fraud Complaint Center) received over 200,000 complaint... Read More

Secrets On Security: A Gentle Introduction To Cryptography

Let us take the example of scrambling an egg. First,... Read More

Phishing - Learn To Identify It

Phishing: (fish'ing) (n.)This is when someone sends you an email... Read More

Wells Fargo Report Phishing Scam

First off I should explain what phishing is. Phishing is... Read More

What to Look for before You Purchase Spyware Software

Huge number of spyware software applications are available in the... Read More

Technology and Techniques Used in Industrial Espionage

Industrial Espionage. These methodologies are being used on a daily... Read More

What is Hacking? Are You a Hacker?

WHAT IS HACKING?Hacking, sometimes known as "computer crime" has only... Read More

If You Steal It, They May Come!

Business on the internet is getting down right shameless. This... Read More

Personal Firewalls - Secure Your Computer

There has not been a time in the history of... Read More

Dont Allow Hackers to Take Out Money from Your Bank Account

If you know what is the 'Fishing' then it's very... Read More

Computer Viruses, Worms, and Hoaxes

In recent days, I was one of the unfortunate persons... Read More

Dialing Up a Scam: Avoiding the Auto-Dialer Virus

For many, the daily walk to the mailbox evokes mixed... Read More

Internet/Network Security

Abstract Homogeneous symmetries and congestion control have garnered limited interest... Read More

Traditional Antivirus Programs Useless Against New Unidentified Viruses!

Every now and then you can read about a new... Read More

Personal Firewalls for Home Users

What is a Firewall?The term "firewall" illustrates a system that... Read More

The Truth About Hiding Your Tracks on the Internet

Ok, ok, I know you've seen them. All those pop... Read More