
In The News

Phishing:
What is it really?

Monday, 14 April 2008

From Wikipedia:
In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging, and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.

My two cents:
Phishing is a fast-growing type of internet fraud that will continue to grow because of its high rate of success and because it is becoming increasingly difficult to detect. There are now cases of targeted phishing attacks called "spear phishing". In a spear phishing attempt, the attacker sends a phishing email crafted with specific information about the company they are targeting. For example, if an attacker were to obtain a list of the email addresses of a bank's customers, they could target everyone on that list with an email that appears to come from their bank. This makes the attack more likely to succeed, since the person receiving the email is more likely to open it when it appears to be from their bank. A phishing attack is successful if a user is tricked into clicking a link in the phishing email and follows that link to the attacker's webpage. From there they are vulnerable to many other attacks such as malware/bot infection, identity theft, and credit card fraud.

Recommendations:

  • User Awareness - Educate your users on ways to detect phishing attempts.
  • Use a browser that contains anti-phishing safeguards, or use a third party plug-in.
  • Integrate anti-phishing detection mechanisms into your firewall or gateway filtering device. This will block phishing attempts at the perimeter of your network, stopping the attack before it reaches your users.

For more information on phishing and to view some examples of attack emails, please visit http://www.antiphishing.org/phishing_archive/phishing_archive.html.


 
© 2007 SyTec | 1410 Hillsborough St. Raleigh, NC 27605 | 919.856.2300