Fraud Alert: Phishing and Potential Business Impact

As one of the top cyber crime ploys impacting both consumers and businesses, phishing has grown in volume and sophistication over the past several years. The down economy is providing a breeding ground for new, socially-engineered attempts to defraud unsuspecting business people and consumers. With honest money-earning avenues less available, the cyber crime ecosystem is ready with off-the-shelf phishing kits. It no longer takes a hacker to enable and commit fraud on the Internet — anyone with a motive can join in.
The potential impact on a business can be great — whether an employee or its customers have been phished, or the company Web site has been compromised. Organizations need to stay current on the latest methods employed by cyber criminals and proactively take steps to prevent this type of fraud.
How Phishing Could Impact Your Business?

While the financial industry continues to be a primary target for phishers, it’s certainly not the only sector vulnerable to attack. Auction sites, payment services, retail, and social networking sites are also frequent targets. The APWG also reports a massive increase in attacks aimed at cell phone providers and manufacturers. In short, no business or brand is inherently safe.
Phishing attacks that pose as a company’s official Web site diminish the company’s online brand and deter customers from using the actual Web site out of fear of becoming a fraud victim. In addition to the direct costs of fraud losses, businesses whose customers fall victim to a phishing scam also risk:
  • A drop in online revenues and/or usage due to decreased customer trust
  • Potential non-compliance fines if customer data is compromised
Even phishing scams aimed at other brands can impact a business. The resulting fear caused by phishing can cause consumers to stop transacting with anyone they can’t trust.

Protecting Your Business

While there is no silver bullet, there are technologies that can help protect you and your customers. Many of the current phishing techniques rely on driving customers to spoofed Web sites to capture personal information. Technology such as Secure Sockets Layer (SSL) and Extended Validation (EV) SSL are critical in fighting phishing and other forms of cyber crime by encrypting sensitive information and helping customers authenticate your site.

Security best practices call for implementing the highest levels of encryption and authentication possible to protect against cyber fraud and build customer trust in the brand. SSL, the world standard for Web security, is the technology used to encrypt and protect information transmitted over the Web with the ubiquitous HTTPS protocol. SSL protects data in motion which can be intercepted and tampered with if sent unencrypted. Support for SSL is built into all major operating systems, Web browsers, Internet applications and server hardware.

To help prevent phishing attacks from being successful and to build customer trust, companies also need a way to show customers that they are a legitimate business. Extended Validation (EV) SSL Certificates are the answer, offering the highest level of authentication available with an SSL Certificate and providing tangible proof to online users that the site is indeed a legitimate business.

EV SSL gives Web site visitors an easy and reliable way to establish trust online by triggering high security Web browsers to display a green address bar with the name of the organization that owns the SSL Certificate and the name of the Certificate Authority that issued it. Figure 2 shows the green address bar in Internet Explorer.

The green bar shows site visitors that the transaction is encrypted and the organization has been authenticated according to the most rigorous industry standard. Phishers can then no longer capitalize on visitors not noticing they are not on a true SSL session.
While cyber criminals are becoming adept at mimicking legitimate Web sites, without the company’s EV SSL Certificate there is no way they can display its name on the address bar because the information shown there is outside of their control. And they cannot obtain the legitimate company’s EV SSL Certificates because of the stringent authentication process.

Consumer and Employee Education:

In addition to implementing EV SSL technology, businesses should continue to educate their customers and employees on safe Internet practices and how to avoid cyber fraud. Teach them how to recognize the signs of a phishing attempt such as: misspellings (less common as phishers become more sophisticated), generic greetings instead of being personalized, urgent calls-to-action, account status threats, requests for personal information, and fake domain names/links.

Also educate your customers and employees on how to recognize a valid, secure Web site before they provide any personal or sensitive information by:
  • Looking for the green bar
  • Making sure the URL is HTTPS
  • Clicking on the padlock to match the certificate information with the Web site they intended to go to
Education is a key component of building the trust necessary to overcome phishing fears. By helping your customers understand how to confirm they are safe on your Web site, you can grow revenues, differentiate your offering, and/or benefit from operational savings by moving more transactions online.

Phishing will continue to evolve into new forms, while attempting to take advantage of human behaviors such as compassion, trust, or curiosity. Protecting your brand and your business from phishing requires constant diligence, but pays rewards beyond reduced fraud losses.

By educating and protecting your customers with the highest levels of protection provided by EV SSL Certificates, your business can ensure customers have greater confidence in your online services. By demonstrating leadership in online security, you can broaden your market appeal and in doing so, generate new revenue streams.

For more information visit:


Post a Comment

Related Posts Plugin for WordPress, Blogger...


Twitter Delicious Facebook Digg Stumbleupon Favorites