This article has been modified from its original version. Certain quoted material has been removed because its veracity could not be confirmed.
One of the oldest cons in the book, the confidence scam, has a new name: phishing. And it’s putting IT on alert because of its potential to damage online business communications and compromise the datacenter.
Phishers use spam to direct their victims to Web sites designed by thieves to resemble legitimate e-commerce sites. Who hasn’t received an urgent e-mail from a phisher masquerading as a trustworthy representative from PayPal or eBay and threatening to terminate your account unless you go to a bogus Web site and hand over personal information?
Many have wised up. But according to the Anti-Phishing Working Group, nearly 5 percent of recipients respond to phishing — a far greater rate than the less than 1 percent who respond to run-of-the-mill spam.
Phishers are employing increasingly sophisticated techniques, such as malicious code buried in images, keystroke-logging applications that download as soon as an e-mail is opened, and spoofed Web sites that look totally legitimate — right down to the “security” padlock in the browser. One fear is that, as phishing scams get slicker and more people get duped, customers will throw up their hands, shop offline, and send business-related e-mail straight to the delete folder. Wary end-users don’t bode well for electronic bill paying and e-mail advertising, either.
“If consumers ignore communications from businesses and shy away from using online services, it will have a very negative impact” on the enterprise, observes Gregg Mastoras, senior security analyst at security solutions vendor Sophos.
Security experts expect the problem to get worse in 2005, touching almost every enterprise.
Because phishing is a main artery for identity theft in an era of widespread data consolidation, it’s expected to spur more hacking attempts against the datacenter.
| Click for larger view. |
“To phish, you need a hook,” Moghe says. “The hook for massive information theft is insider information. Once thieves get inside the database, masquerading as real users, the haul can amount to millions of cases of identity theft. Information theft scams are becoming more and more sophisticated, and identity theft from inside large databases will only increase.”
Phishing season is officially open; the good news, however, is that many of the same security measures that protect against viruses can shield the enterprise from phishers.
Live Bait
Get the independent advice and expertise you need to support a virtual workforce.
The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.
Download now »Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.
Download now »A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »