June 2004 Mfg.Trust
Mfg.Trust is a monthly feature of the
NCMS InfraGard Manufacturing Industry Association
Infrastructure assurance for manufacturers
Powered by NCMS.
This month – PHISHING
Identity Theft Revisited
See the Resources Page for this Story
Editor's Preface:
The most rapidly growing crime in the United States has earned another
name, as a result of some scary new techniques. The forcefulness of
these criminal attacks has brought a refreshing response by anti-phishing
non-profit and government groups, but they, and we, have a lot to learn.
As usual, the Resources page that
accompanies this article offers a rich information set for more study.
See http://trust.ncms.org
(Publications Index tab).
Editor
PHISHING
What is Phishing?
According to the Anti-Phishing Working Group (see
Resources Page), phishing attacks
use 'spoofed' e-mails and fraudulent websites designed to fool
recipients into divulging personal financial data such as credit card
numbers, account usernames and passwords, social security numbers, etc.
By hijacking the trusted brands of well-known banks, online retailers
and credit card companies, phishers are able to convince up to 5% of
recipients to respond to them.
The Federal Trade Commission (see Resources Page)
points out that the emails pretend to be from businesses the potential
victims deal with - for example, their Internet service provider (ISP),
online payment service or bank. The fraudsters tell recipients that they
need to "update" or "validate" their billing information to keep their
accounts active, and direct them to a "look-alike" Web site of the
legitimate business, further tricking consumers into thinking they are
responding to a bona fide request. Unknowingly, consumers submit their
financial information - not to the businesses - but the scammers, who
use it to order goods and services and obtain credit.
How to Avoid Phishing Scams
The number and sophistication of phishing scams sent out to consumers
continue to increase dramatically. While online banking and
e-commerce are very safe, as a general rule you should be careful about
giving out your personal financial information over the Internet. The
Anti-Phishing Working Group has compiled the list of recommendations below
that you can use to avoid becoming a victim of these scams.
* Be suspicious of any email with urgent requests for personal financial
information
* Don't use the links in an email to get to any web page, if you suspect
the message might not be authentic
* Avoid filling out forms in email messages that ask for personal
financial information
* Always ensure that you're using a secure website when submitting
credit card or other sensitive information via your Web browser
* Consider installing a Web browser tool bar to help protect you from
known phishing fraud websites
* Regularly log into your online accounts
* Regularly check your bank, credit and debit card statements to ensure
that all transactions are legitimate
* Ensure that your browser is up to date and security patches are applied
The FTC offers a web site (www.ftc.gov/spam)
where you can learn other ways to avoid email scams. The FTC encourages
victims to report suspicious activity by filing a complaint at
www.ftc.gov, and then to
visit the FTC's Identity Theft Web site (www.ftc.gov/idtheft)
to learn how to minimize the risk of damage from identity theft.
What To Do If You've Given Out Your Personal Financial Information
Phishing attacks are growing quite sophisticated and difficult to
detect, even for the most technically savvy people. And many people are
getting onto the Internet and using email or Web browsers for the first
time. As a result, some people are going to continue to be fooled into
giving up their personal financial information in response to a phishing
email or on a phishing website. If you have been tricked this way, you
should assume that you will become a victim of credit card fraud, bank
fraud, or identity theft. The web site of the Anti-Phishing Working
Group carries explicit helpful advice (specific to United States laws).
Go to
http://www.antiphishing.org/consumer_recs2.htm to learn more.
Real World Examples
The examples are gripping, but a bit long for this publication. Go to
(http://www.ftc.gov/opa/2003/07/phishing.htm)
to read a report on an identity thief (a minor) who allegedly used
hijacked AOL corporate logos and deceptive spam to con consumers out of
credit card numbers and other financial data. “Phishing is a two time
scam,” said Timothy J. Muris, Chairman of the FTC, of this case.
“Phishers first steal a company’s identity and then use it to victimize
consumers by stealing their credit identities. This is the FTC’s first
law enforcement action targeting phishing. It won’t be the last.”
Conclusion: Fighting Back
Fighting cybercrime is an effort that requires action on many fronts.
Certainly, those who make the software, hardware, and services we use
can and do lead efforts to make their products and services effective
and attractive. The Economist reports (see Resources Page) that Bill
Gates, the chairman of Microsoft, once made a habit of using his keynote
speech at Comdex, the computer industry's top annual trade show, to
launch his company's “next big thing”. But times have changed. Closing
loopholes exploited by viruses, worms and hackers, said Mr Gates, is
“the largest thing we are doing”.
Government organizations have devoted considerable resources to fighting
cyber crime, and educating themselves to fight cyber crimes.
Businesses can defend themselves first through education and awareness.
InfraGard and the Electronic Crimes Task Force are two good sources in
this regard. Once educated, businesses may turn to a wide variety of
specialized defensive services that are commonly available, or bring
that expertise into the company.
On the business front it is important to know where to look for
criminals. MSNBC reports what some identity theft experts have hinted at
for years -- the crime is largely the work of insiders. MSNBC reports
that, in a study of more than 1,000 identity theft arrests in the United
States, Michigan State professor Judith Collins has discovered that
perhaps as much as 70 percent of all identity theft starts with theft of
personal data from a company by an employee. (See
Resources page)
Parents also have a role and responsibility that is well described in
the Newsweek article “There's One More Talk You Need to Have” referenced
in the resources page.
LINKS
Anti-Phishing Working Group
http://www.antiphishing.org/index.html
Newsweek Magazine, via US Dept. of Justice
http://www.cybercrime.gov/onemoretalk.htm