Why Corporations Need to Worry About Phishing

Written by CipherTrust

Phishing is a relatively new form of online fraud that focuses on foolingrepparttar victim into providing sensitive financial or personal information to a bogus website that bears a significant resemblance to a tried and true online brand. Typically,repparttar 109515 victim provides information into a form onrepparttar 109516 imposter site, which then relaysrepparttar 109517 information torepparttar 109518 fraudster.

Although this form of fraud is relatively new, its prevalence is exploding. From November 2003 to May 2004, Phishing attacks have increased by 4000%. Compoundingrepparttar 109519 issue of increasing volume, response rates for phishing attacks are disturbingly high, sometimes as high as 5%, and are most effective against new internet users who are less sophisticated about spotting potential fraud in their inbox.

Corporations should be concerned withrepparttar 109520 following four issues:

  1. Protecting employees from fraud
  2. Reassuring and educating customers
  3. Protecting their brand
  4. Preventing network intrusions and dissemination of trade secrets

A failure to succeed in any of these areas could be catastrophic to a company’s ability to function inrepparttar 109521 marketplace. If employees are not protected,repparttar 109522 company could be held accountable for not putting protections in place to prevent fraud. If a hacker impersonates a company, thenrepparttar 109523 company’s reputation and brand may be tarnished or ruined because customers feel that they can no longer trustrepparttar 109524 organization with their sensitive information. And finally,repparttar 109525 latest trend in phishing has been to socially engineer employees or business partners to divulge sensitive trade secrets to hackers. The implications of employee login information getting intorepparttar 109526 wrong hands could result in grave consequences once hackers are able to “log in” to an employee’s network account using VPN or PC Anywhere software.

Protecting Employees from Phishing

One ofrepparttar 109527 best ways to protect employees from Phishing is to prevent spam from ever getting torepparttar 109528 user’s inbox. Since most phishing attacks proliferate through unsolicited e-mail, spam filtering technologies can be very effective at preventingrepparttar 109529 majority of phishing attempts.

New technologies are also available to help prevent phishing. One such technology offered as a standard by Microsoft and supported by CipherTrust isrepparttar 109530 Sender ID Framework (SIDF), which prevents spammers from obfuscating their IP address by verifyingrepparttar 109531 source of each email.

Of course, spam filtering and SIDF cannot solverepparttar 109532 problem entirely. Many phishing attacks are actually sent on an individual basis to users not protected by cutting edge spam detection technologies. Other attacks are distributed through online email accounts such as Yahoo! Mail, Gmail, MSN, and others. In short, technology alone cannot solverepparttar 109533 phishing problem. Employees must be educated about phishing and how to spot fraudulent emails and websites.

Reassuring and Educating Customers

Once a consumer receives a fraudulent email that appears to come from a trusted company, he or she may never trust that company’s email communications again. That is damage that is not easily undone. It is essential that organizations communicate openly and frequently about how customers can identify legitimate email communications, andrepparttar 109534 need to report fraudulent ones. For those organizations that frequently process consumer credit card transactions, it is recommended that a special section ofrepparttar 109535 site be devoted to helping customers avoid fraud.

Companies that make efforts to educate their customers about phishing are much less attractive targets than those who make no efforts at all. Some examples of organizations that have developed extensive policies around this issue are:

Protectingrepparttar 109536 Company Brand

Each time a phishing attack is launched, a legitimate company’s trademark is tarnished and brand equity is eroded. The more attacks a company suffers,repparttar 109537 less consumers feel they can trustrepparttar 109538 company’s legitimate email communications or websites. The value of this trust is difficult to quantify – at least until a company begins to lose customers. When customers no longer trustrepparttar 109539 company’s ability to protect their personal information, they often defect to competitors or opt to use more expensive commercial options such as telesales or retail locations.

Clearlyrepparttar 109540 goal is to convincerepparttar 109541 fraudsters that your customers will not fall forrepparttar 109542 scam. This is why having an obvious anti-phishing program that is public for all to see can be very effective. The fraudsters tend to followrepparttar 109543 path of least resistance. Seeing that customers are well informed of how to avoid phishing attacks,repparttar 109544 perpetrators simply turn their attention to other “softer” targets.

Preventing Network Intrusions and Dissemination of Trade Secrets

3 Criteria for Controlling Enterprise Spam

Written by CipherTrust

Or: T*ake Y O U R email ba & ack + Fromrepparttar Sp@mmers! 0400constrictor bubble snake informational

If you have a business, then you have a spam problem. The efficiencies of communicating through e-mail not only benefit organizations like yours; they also benefitrepparttar 109514 spammers who profit off of sending pernicious e-mails to millions of people every day. In fact, spam is so cost-effective that it costs less than $0.0004 to send a single spam. That’s 25 emails for just one penny!

The Spam Problem

According to Meta Group, “Companies are routinely getting 20,000 daily spam messages, putting significant burden (e.g. bandwidth and storage consumption) on mail relays, SMTP gateways, and internal mail servers.”

To make matters worse, companies have invested millions of dollars in spam-fighting technologies that have been rendered obsolete within months of purchase byrepparttar 109515 innovation of spammers who have found ways to thwart new technologies alongrepparttar 109516 way. Examples of spammer ingenuity abound. As recently as mid-2003 Bayesian logic was touted asrepparttar 109517 immutable defense against spam, but by early 2004, most spam had evolved to be “Bayesian-proof”. There are even programs available for download onrepparttar 109518 internet that will “test” your spam for you before you send it to make sure it will get pastrepparttar 109519 spam filters.

Clearly,repparttar 109520 solution is to partner with a company that specializes in fighting spam. Who you choose is a crucial step because you don’t want your solution to become obsolete within a few months, and you certainly don’t want to create a problem with false positives.

Criteria 1 – Diversity – The Cocktail Approach to Filtering Spam

The first step in addressing spam is identifying it. But, unlike viruses, spam identification is not straightforward. There is no “smoking gun” that clearly indicates to a detection system that a message is a spam. For instance,repparttar 109521 common approach of looking for keywords such as “Viagra” or “Free”, misses many spams. The method of blocking known spammer IP addresses lags and does nothing to deter determined spammers. Any effective spam detection system must employ multiple techniques for identifying and measuringrepparttar 109522 probability that a message is spam includingrepparttar 109523 newer heuristic analysis and real-time collaborative spam filtering tools.

Criteria 2 – Flexibility – Different Strokes for Different Folks

Cont'd on page 2 ==>
ImproveHomeLife.com © 2005
Terms of Use