Why Corporations Need to Worry About Phishing
Phishing is a relatively new form of online fraud that focuses on fooling the victim into providing sensitive financial or personal information to a bogus website that bears a significant resemblance to a tried and true online brand. Typically, the victim enters information into a form on the imposter site, which then relays the information to the fraudster.

To view examples of phishing emails go to:

* Citibank: www.ciphertrust.com/images/example_citibank.gif

Although this form of fraud is relatively new, its prevalence is exploding. From November 2003 to May 2004, phishing attacks increased by 4000%. Compounding the issue of increasing volume, response rates for phishing attacks are disturbingly high, sometimes as high as 5%, and are most effective against new internet users who are less sophisticated about spotting potential fraud in their inbox.

Corporations should be concerned with the following four issues:

* Protecting employees from fraud

A failure to succeed in any of these areas could be catastrophic to a company's ability to function in the marketplace. If employees are not protected, the company could be held accountable for not putting protections in place to prevent fraud. If a hacker impersonates a company, then the company's reputation and brand may be tarnished or ruined because customers feel that they can no longer trust the organization with their sensitive information. And finally, the latest trend in phishing has been to socially engineer employees or business partners to divulge sensitive trade secrets to hackers. Employee login information getting into the wrong hands could have grave consequences once hackers are able to "log in" to an employee's network account using VPN or PC Anywhere software.

Protecting Employees from Phishing

One of the best ways to protect employees from phishing is to prevent spam from ever getting to the user's inbox.
Since most phishing attacks proliferate through unsolicited e-mail, spam filtering technologies can be very effective at preventing the majority of phishing attempts. New technologies are also available to help prevent phishing. One such technology, offered as a standard by Microsoft and supported by CipherTrust, is the Sender ID Framework (SIDF), which prevents spammers from obfuscating their IP address by verifying the source of each email.

Of course, spam filtering and SIDF cannot solve the problem entirely. Many phishing attacks are actually sent on an individual basis to users not protected by cutting-edge spam detection technologies. Other attacks are distributed through online email accounts such as Yahoo! Mail, Gmail, MSN, and others. In short, technology alone cannot solve the phishing problem. Employees must be educated about phishing and how to spot fraudulent emails and websites.

Reassuring and Educating Customers

Once a consumer receives a fraudulent email that appears to come from a trusted company, he or she may never trust that company's email communications again. That is damage that is not easily undone. It is essential that organizations communicate openly and frequently about how customers can identify legitimate email communications, and the need to report fraudulent ones. For those organizations that frequently process consumer credit card transactions, it is recommended that a special section of the site be devoted to helping customers avoid fraud. Companies that make efforts to educate their customers about phishing are much less attractive targets than those who make no efforts at all.

Some examples of organizations that have developed extensive policies around this issue are:

* USBank

Protecting the Company Brand

Each time a phishing attack is launched, a legitimate company's trademark is tarnished and brand equity is eroded.
The more attacks a company suffers, the less consumers feel they can trust the company's legitimate email communications or websites. The value of this trust is difficult to quantify - at least until a company begins to lose customers. When customers no longer trust the company's ability to protect their personal information, they often defect to competitors or opt to use more expensive commercial options such as telesales or retail locations.

Clearly, the goal is to convince the fraudsters that your customers will not fall for the scam. This is why having an obvious anti-phishing program that is public for all to see can be very effective. The fraudsters tend to follow the path of least resistance. Seeing that customers are well informed of how to avoid phishing attacks, the perpetrators simply turn their attention to other "softer" targets.

Preventing Network Intrusions and Dissemination of Trade Secrets

Employees must be educated not only about phishing generally, but also about how fraudsters might use social engineering and other methods to entice employees to divulge sensitive information to hackers outside the organization. With little knowledge of an organization's business methods, hackers can easily distribute hundreds or even thousands of spoofed messages to an organization's employees. The messages may ask for network passwords and usernames, or may attempt to fool employees into providing sensitive information to competitors. It is important to properly train employees about what information is appropriate to share through email, and specifically what steps employees should take if they are unsure about the authenticity of a request for information.

Information gleaned by fraudsters from corporate networks can be used in a variety of nefarious ways. In the financial services industry, criminals can use credit cards to deduct money straight from accounts of unsuspecting victims.
Many other organizations hold private healthcare information, or personal financial information, that could be used by criminals to extort payoffs from corporations wishing to avoid the bad publicity of a security breach becoming public knowledge.

Though deflecting this attack does involve a significant amount of education, providing content filtering on outbound e-mail traffic can flag suspicious communications. Using regular expressions to look for patterns such as social security numbers and account numbers can prevent a simple deception from becoming a major liability issue.

What to Do If You Are the Victim of a Phishing Scam

If you become aware of fraudsters imitating your organization to commit phishing fraud, you should:

* Immediately educate your customers on how they can correctly identify the phish
* Notify the authorities of your situation. Phishing fraudsters may have violated all or some of the following Federal Laws:
-- 18 U.S.C. 1028(a)(7) - Identity Theft
* Prosecute the criminals - when spammers use your trademarks to commit fraud, they are violating U.S. trademark laws as well as anti-fraud laws. Your organization has the right to defend its mark in court.
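
The outbound content filtering described under "Preventing Network Intrusions and Dissemination of Trade Secrets", sketched as an added example (not code from the original article or from CipherTrust): it scans a message body for U.S. social security numbers and, as an assumed stand-in for "account numbers", payment card numbers, using range checks and the Luhn checksum to cut false positives. The function names and the sample message are constructed for illustration.

```python
import re

# Candidate patterns. Payment card numbers stand in for "account numbers" here
# (an assumption; a real deployment adds the organisation's own account formats).
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")
CARD_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")


def ssn_is_plausible(area: str, group: str, serial: str) -> bool:
    """Reject number ranges the Social Security Administration never issues."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(value: str) -> str:
    """Keep only the last four digits so the alert itself leaks nothing."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_outbound(body: str) -> list[tuple[str, str]]:
    """Return (kind, redacted_value) for each sensitive identifier in a message body."""
    findings = []
    for m in SSN_RE.finditer(body):
        if ssn_is_plausible(*m.groups()):
            findings.append(("ssn", redact(m.group())))
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):  # drops order numbers and other digit runs
            findings.append(("card", redact(digits)))
    return findings


# Constructed sample message (not real data): a reply to a spoofed "IT audit" request.
SAMPLE = """\
Hi, as requested for the audit:
employee SSN 123-45-6789, corporate card 4111 1111 1111 1111.
Ticket ref 000-12-3456, order no. 1234-5678-9012-3456.
"""

if __name__ == "__main__":
    for kind, value in scan_outbound(SAMPLE):
        print(f"FLAG outbound message: {kind} {value}")
```
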

If you find that you are personally the victim of a phishing scam, then you should identify what information was compromised and then:

* If the fraudster obtained your Bank Account, Credit, ATM or Debit Card information:
-- Report the theft to your card issuer, and cancel the account
-- Check your statements for any unauthorized charges and follow up with your financial institution regarding their procedures for minimizing your liability to the charges
* If the fraudster has obtained your personal identification information:
-- Contact the credit reporting agencies:
   * Experian
   * Equifax
   * Trans Union
-- Request that a fraud alert be placed on your record
-- Request a copy of your credit report and follow up on any unauthorized credit inquiries
-- Request that unauthorized credit inquiries be erased from your record
-- Notify your bank of potential fraud
-- File a police report with your local police department
-- File a report with the Social Security Administration
-- Notify the Department of Motor Vehicles and determine if an unauthorized driver's license number has been issued in your name
-- Notify the Federal Trade Commission (www.ftc.gov)
-- File a complaint with the Internet Fraud Complaint Center (www.ifccfbi.gov/index.asp).

Additional Internet Fraud Sites:

* www.cybercrime.gov
* www.consumer.gov/idtheft/
* www.identity-theft-help.us/
* www.identitytheft.org/
* www.usdoj.gov/criminal/fraud/idtheft.html
* www.usdoj.gov/criminal/fraud/idquiz.html
* www.ifccfbi.gov/index.asp

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail, provides a best of breed defense against phishing attacks and other email-based threats. Learn more by visiting http://www.ciphertrust.com today.
© 2006