HIDDEN BEHIND YOUR COMPUTER SCREEN, A FRAUDSTER AWAITS - Part One

Arm against online fraud

Phishing emails are making their way into enterprise desktops, which not only makes employees’ personal information vulnerable to fraudsters, but also opens up confidential corporate data to phishers

THESE DAYS, computer users are online not only for longer periods of time and more frequently, but they are also conducting more important transactions via email and the Internet. Activities like banking online, trading stock, purchasing products and services, and managing personal accounts through websites are becoming more common. While the Internet makes conducting such activities more convenient, it has also opened up a new form of fraud that scammers are taking advantage of in increasing numbers. As a result, online fraud is becoming a growing problem – not only for consumers but for enterprises as well.
Due to the nature of their business, banks and financial institutions are the prime targets of online fraudsters.
One of the latest schemes that targets online banking and transactions and is called phishing.
Phishing is an online scam where fraudsters send millions of emails to random accounts. The emails appear to come from popular web sites or from the user’s bank, credit card company, email provider or Internet service provider. The emails often inform users that the company needs personal information, such as their credit card number or password, to update their account. Many times, the emails include a URL link that takes consumers to what appears to be a legitimate website. However, the site is actually a fake or “spoofed” website. Once consumers are on this spoofed site, they are asked to enter personal information that is transmitted to the phisher.
The problem is continuing to escalate. The monthly volume of phishing emails increased nearly 10 times during the past nine months to 3.1 billion emails worldwide in April 2004. This equates to 1 in 20 emails sent. At the same time, Gartner reported in May 2004 that if phishing attacks continue it will have a serious impact on ecommerce and online transactions in general.

Why should enterprises be concerned about phishing?

Phishing is an issue that affects both consumers and enterprises. Companies should be concerned about phishing because their customers’ accounts could be compromised by these scammers. Not only can this cause financial harm to consumers, but it also hurts their business. The use of a company’s name in a phishing scam can weaken the company’s credibility and diminish the value of its brand.
Phishing emails are also making their way into enterprise desktops, which not only makes employees’ personal information vulnerable to fraudsters, but it also opens up the possibility of confidential corporate data from being shared with phishers.
Concerns about falling victim to phishing scams are eroding consumer confidence in online banking and e-commerce. Unless companies take action to protect their customers from phishers Gartner predicts that the recent growth in online sales, 20% annually, will halve by 2007. Many banks are now focusing on fraud prevention and detection due to the growing trend in electronic fraud.

What can enterprises do to protect their brand and customers?

Enterprises can take proactive steps to protect their company and the consumers who trust their brand. First, they should define consistent policies for contacting customers via email. These policies should be clearly communicated to employees and customers. Enterprises should also set up a contact point, whether it be an email address, web page or phone number, where customers can report fraud. In addition, enterprises should look into setting up “honeypot” email accounts to trace phishing attacks that use the company’s name. In the event that a phishing attack is discovered, enterprises should immediately notify authorities and customers. If a website is involved, they should request that the host ISP remove the site.