TMCnet News

Privacy Inc. Has a Solution for Devastating Phishing Attacks
[June 23, 2005]

Privacy Inc. Has a Solution for Devastating Phishing Attacks


A new twist on phishing targets corporations rather than individual consumers.

By TED GLANZER
TMCnet Communications and Broadband Columnist

Just when you thought it was (relatively) safe go back on the Internet, comes a new form of phishing. Stronger. More destructive. Deadlier – okay that may be stretching things a bit.

Still, there is a new twist on phishing that targets corporations rather than individual consumers; for a company that is victimized by one of these scams, the consequences are severe.

“Think of it as a simple was of gaining access to a corporate network without hacking,” said Phyllis Kramer, vice president of Privacy Inc. “Social engineering works; just think how easy it is.”

Indeed, imagine you’re at work and a pop-up appears on your screen from someone claiming to be the CTO of your company. The pop-up requests your user name and password to update his files. Being a good corporate employee, you comply, only to find out that the pop-up was from a phisher, not an upper level executive.



Using the information to get into a company’s network, the phisher could have access to sensitive data such as health care, customers, stockholders, transactions with other companies, and even intellectual property.

“Once they get the keys to the kingdom, you’re really at risk,” Kramer said.


With the possibility of vast security breaches, the result could spell the end of the wide-ranging Internet as we know it.

“The beauty of the Internet is that it’s so open,” Kramer said. But she added: “The danger of the Internet is that it’s so open.”

Various states have responded by forcing corporations to act through passing strict laws that require companies to notify their employees if their personal information has been compromised, according to Kramer.

Corporations have also taken steps on their own to prevent phishing disasters by launching honeypots - traps set to detect attempts at unauthorized use of information systems.

One of the biggest holes for a company’s – or even an individual’s for that matter – security is e-mail.

No matter how effective firewalls and security measures are, e-mail gets through, Kramer said.

Kramer said that traditional spam blockers aren’t effective because of false positives – e-mail that is identified as spam even though it is legitimate.

False positives have cost businesses $3.5 billion, Kramer said, describing several horror stories including one where a small company missed an order because the e-mail message was designated as spam instead of passing through the filter.

Privacy Inc. offers a product, Opaque, which is designed to reduce on-line fraud, protects company’s brand, guards corporate assets, mitigates regular risks, and reduces bottom-line costs.

Opaque works by “unlisting” a user’s e-mail address and setting up virtual e-mail addresses, according to Kramer.

Essentially, it enables the user to gain control of his or her in-box as to what gets through without risking security or false positives.

A one-year subscription to Opaque costs $39.95. For more information, log on to www.privacyinc.com.

-----

Ted Glanzer is assistant editor for TMCnet. For more articles by Ted Glanzer, please visit:

http://www.tmcnet.com/tmcnet/columnists/columnist.aspx?id=100033&nm=Ted%20Gl
anzer

[ Back To TMCnet.com's Homepage ]