Wednesday, July 28, 2004
Phishing Isn't New, But the Phishermen Are Getting Better
Phishing stories are very common these days, in the US and abroad. Gartner's Avivah Litan released a survey last April indicating that nearly 1.8 million Americans were duped by fraudulent emails and released confidential information, including credit card numbers, to thieves.
MailFrontier Inc. tested 1,000 consumers by showing them a mix of email messages, both real and fake (for phishing). 28% of the phishing messages were identified as being valid. What's more, legitimate messages were confused with fakes. So the risks are double-edged: you may unwittingly provide confidential information or expose your computer to a virus, and at the same time you may skip an important message from a customer.
Just a few years ago these fake messages had poor grammar and spelling and were easily detected as trash just on visual observation. But the "phishers" are producing higher-quality messages, and they are getting difficult to distinguish. I personally received one this week which was confusing. When I saw it on my PC, I was able to distinguish it as a fake, but I initially received it on my BlackBerry and it looked as though it was from my ISP and that perhaps spam was being sent from my PC. It was a fake message, and following the instructions to rid myself of this would likely have created a major problem. With a home network, this issue will be discussed with others who may fall for this, "trying to do the right thing". The same holds true for your networks in the bank, at your home or your customers'. Each user can be the weakest link, as one infected PC can infect the others.
What is your Phish IQ? Test yourself at MailFrontier. I had to try several times to get to this site. But this may be a training exercise worth employing with your users.
These phishing expeditions are on the rise. The Anti-Phishing Working Group shows a 19% increase from May to June. Larger banks with larger customer bases are primary targets. Citibank had nearly 500 separate attacks in one month, First USA showed a 67% increase and US Bank (also referenced by Ken Golliher in the threads) was up 50%.
An important note here is to ensure that users are educated and that information is communicated. Two old adages are still applicable today. "There is no such thing as a free lunch." Customers need to understand that the orphan in Nigeria did not select them out of everyone in the world to help him get his millions out of the country, and that the Cashier's Check for $12,000 more than the purchase price of the bicycle is not good; forget the Reg. CC terminology of "it cleared". And "if you didn't initiate the call, don't give out your SSN or bank account number." Make sure customers know that you are NOT asking for this in an email. This is why you have a secured site for Internet banking.
