Phishing is a technical term coined by computer programmers and hackers.  Phishing attacks usually use fraudulent emails to trick consumers into sharing personal data, such as Social Security numbers, or financial account information, such as credit card account numbers, user names and passwords.

Phishers accomplish their scams in three main ways:

  • Fraudulent Emails.  Phishers trick consumers by sending them emails that appear to be from a reputable company such as a bank, retailer or credit card company.  These emails include Web links that take consumers to a fake Web site where they enter their personal information.
  • Keystroke Programs.  Phishers use a fraudulent email to place programs on computers that allow phishers to record every keystroke a consumer types.  Phishers are then able to obtain usernames, passwords and other personal data.
  • Web Site Hijacking.  Phishers can take over the Web address of a company and re-direct Web surfers to a fraudulent, but realistic site, which steals consumer information.

Source: Anti-Phishing Working Group - http://www.antiphishing.org/Phishing-dhs-report.pdf

Phishing Affects Your Company
Phishing attacks are a risk to any company with a Web site.  Phishers can replicate your logo and other identifiable characteristics to trick consumers.  Any attack using your brand can damage your corporate reputation, cost you money and drive away customers.  Key steps to reduce the risk of a phishing attack include:

  • Monitor or Register Sites with Similar Spelling To Yours
  • Prepare.  Phishers often leave a trail of evidence so be prepared to identify the clues that a phishing attack is in its early stages:
    • Provide your customers with an email address that allows them to validate that an email they receive with your logo, etc. is really from you.
    • Monitor returned email messages, as phishers may often hijack your email address to send bulk emails.
    • Log your customer service calls and check for spikes in certain types of complaints, such as password inquiries and changes.
    • Check for unusual customer account activity that has large volumes of logins, password changes, purchases, withdrawals, etc.
    • Regularly search the Internet for use of your corporate logos.

Source: Anti-Phishing Working Group - http://www.antiphishing.org/Phishing-dhs-report.pdf
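
The "check for spikes" steps above can be automated. The following is an added example, not part of the APWG material: it flags a day on which one complaint category far exceeds its own trailing seven-day baseline. The category names, dates, thresholds and function names are assumptions, and the call log is constructed sample data.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_sample_log():
    """Constructed sample: (date, complaint category) rows, as a help desk export might hold."""
    rows = []
    quiet = {"password": [4, 5, 3, 4, 6, 5, 4], "billing": [7, 6, 8, 7, 6, 7, 8]}
    for cat, counts in quiet.items():
        for day, n in enumerate(counts, start=1):
            rows += [(f"2024-03-{day:02d}", cat)] * n
    rows += [("2024-03-08", "password")] * 19  # constructed surge in password calls
    rows += [("2024-03-08", "billing")] * 7    # billing stays at its usual level
    return rows

def daily_counts(rows):
    """Count calls per category per day. Days with no calls are simply absent."""
    counts = defaultdict(lambda: defaultdict(int))
    for day, cat in rows:
        counts[cat][day] += 1
    return counts

def find_spikes(rows, window=7, threshold=3.0, min_count=10):
    """Return sorted (day, category, count) tuples where the day's count is
    above the trailing-window mean by `threshold` standard deviations."""
    spikes = []
    for cat, per_day in daily_counts(rows).items():
        days = sorted(per_day)  # ISO dates sort chronologically as strings
        for i in range(window, len(days)):
            history = [per_day[d] for d in days[i - window:i]]
            # Floor the deviation at 1.0 so a flat history does not alert on +1 call.
            limit = mean(history) + threshold * max(pstdev(history), 1.0)
            today = per_day[days[i]]
            # min_count suppresses alerts on categories with tiny volumes.
            if today >= min_count and today > limit:
                spikes.append((days[i], cat, today))
    return sorted(spikes)

if __name__ == "__main__":
    for day, cat, n in find_spikes(build_sample_log()):
        print(f"{day}: {n} '{cat}' calls, well above the prior week")
```

The same comparison works for the account-activity check: feed it daily counts of logins, password changes or withdrawals instead of call categories.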