Phishing for Business

During any period of economic downturn, phishing finds a breeding ground for new socially engineered attempts to defraud individuals, businesses and consumers alike. The potential impact on business is huge, whether the target is an individual employee, the business itself or a customer. Phishing is the process of luring unsuspecting users into providing sensitive information for identity or business theft. In the last decade, since phishing arrived on the scene, it has been growing rapidly, so organizations need to keep abreast of the latest methods employed by cyber criminals and proactively take steps to prevent this type of fraud.
Spear phishing is a targeted version of phishing which, unlike the more common phishing techniques, targets known individuals at banks, financial institutions or other types of organizations. Corporate employees are also being targeted by cyber criminals to provide company banking information, vendor and customer databases and other information that facilitates cyber crime. Business services phishing has recently started to target businesses using Yahoo and Google AdWords: they receive emails encouraging them to log in to the system, update their accounts and provide updated credit card details. In some attacks, to enhance the success rate, the cyber criminal uses an e-card that arrives via email and seems legitimate but takes the user to a website from which a Trojan can be downloaded to the user’s computer, so that a keylogger can subsequently capture company information, user IDs and passwords.
Phishing knows no limits; cyber criminals are now also using mobile phones and SMS text messages to phish for business. This is known as smishing! The most common technique is to send a text message to the mobile phone stating that the bank account, ATM or credit card has been compromised and has subsequently been blocked. The message asks you to call a specific number or visit a website to reactivate the account or card, and asks for the account number and PIN.
While the financial industry is the most prominent target and continues to be so, others such as auction sites, payment services, retail and social networking sites are increasingly coming under attack.
There is no 100% sure-fire way of preventing an attack, but there are technologies available to assist: implementation of Secure Sockets Layer (SSL) and Extended Validation (EV) SSL are critical in the fight against phishing and other methods of cyber crime. In addition to technologies that assist with the prevention of attacks, employees, businesses and customers need to be educated in safe internet practices and how to avoid cyber crime. That includes teaching them how to recognize the signs of a phishing attempt, such as misspellings, generic greetings instead of a personal one, urgent calls for action, requests for personal information, and fake domain names and links.
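Several of the signs listed above can be checked mechanically. The following is an added example, not part of the original post: it flags generic greetings, urgent calls for action, requests for personal information and links whose host does not belong to the sender's real domain. The patterns, the function names and the `examplebank.test` domain are assumptions made for illustration, and misspellings are left out because they need a dictionary.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Patterns for three of the warning signs listed above (illustrative, not exhaustive).
TEXT_SIGNS = {
    "generic_greeting": re.compile(r"\bdear\s+(customer|user|client|member|account\s+holder)\b", re.I),
    "urgent_call_to_action": re.compile(r"\b(urgent|immediately|within\s+\d+\s+hours|suspended|blocked)\b", re.I),
    "personal_info_request": re.compile(r"\b(password|pin|account\s+number|credit\s+card)\b", re.I),
}

class LinkCollector(HTMLParser):
    """Collects every <a href> target and the visible text of an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.text = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")
    def handle_data(self, data):
        self.text.append(data)

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def phishing_signs(body_html, expected_domain):
    """Return the set of warning signs found in one message body."""
    parser = LinkCollector()
    parser.feed(body_html)
    text = " ".join(parser.text)
    signs = {name for name, rx in TEXT_SIGNS.items() if rx.search(text)}
    for href in parser.hrefs:
        host = (urlparse(href).hostname or "").lower()
        # A brand name appearing somewhere in the host proves nothing:
        # only the right-hand end of the hostname identifies the owner.
        if host and not belongs_to(host, expected_domain):
            signs.add("fake_domain_link")
    return signs

# Constructed sample messages (not real mail); examplebank.test is a placeholder domain.
PHISH_SAMPLE = ('Dear Customer, your card has been blocked. '
                '<a href="http://examplebank.test.account-verify.example/login">Log in to '
                'www.examplebank.test</a> immediately and confirm your account number and PIN.')
LEGIT_SAMPLE = ('Hello Maria Lopez, your monthly statement is ready at '
                '<a href="https://www.examplebank.test/statements">online banking</a>.')

if __name__ == "__main__":
    for sample in (PHISH_SAMPLE, LEGIT_SAMPLE):
        print(sorted(phishing_signs(sample, "examplebank.test")))
```

The link check compares the end of the hostname rather than searching for the brand name, because the constructed phishing link contains `examplebank.test` yet is hosted under a different domain.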
Without doubt, phishing will continue to evolve and will take advantage of human behaviors such as compassion, trust and curiosity (as witnessed in the Haiti earthquake disaster). Protecting yourself, a business or a customer relationship requires diligence and education to prevent losses to fraud.