The growth in online shopping and banking has been matched by increasingly widespread risk. Phishing emails that point recipients to a bogus (or "spoofed") website that looks like the real thing have become more and more insidious. Their aim is to trick users into divulging their usernames, passwords and other confidential information that the perpetrators can then use to commit all kinds of crime based on identity fraud.
More than just Citibank, eBay and PayPal
Perpetrators are looking for more than just bank account information. Originally targeted at well-known financial institutions, phishing now has a more diverse range of victims. Institutions like Citibank, eBay and PayPal have been joined by a host of social networking and gambling websites.
The risk to business and other organizations is clear: stolen information can seriously undermine an organization's online reputation, bringing considerable risk to its operations and potentially resulting in legal liability.
Be aware of new tricks like vishing and phaxing
The difficulties lie both in recognizing these spoofed websites, most of which are almost impossible to distinguish from genuine ones, and in keeping up with the latest tricks. As computer users become more savvy about phished URLs, cybercriminals have come up with more tricks.
In "vishing", or voice phishing, scammers use VoIP to build bogus switchboard systems, mimicking those of online organizations. They then spam out emails claiming to come from those companies, but rather than including a link to a bogus website, they instead provide a phone number. Similarly, "phaxing" emails tell the recipient to fax back a form with banking and other details.
The prevalence of phishing and email fraud has made people wary of giving out personal information online. Mistakenly, we trust fax and phone numbers because we don't think fraudsters will bother with the effort and cost needed to set them up.
Protect yourself against phishing
Protecting your organization from being phished, and individuals from falling prey to such attacks, relies heavily on education and best practice. But this is not enough.
Uncovering over 15,000 new phishing websites each week, experts in SophosLabs™ carry out round-the-clock analysis, developing proactive protection against the latest scams. The Sophos PhishAlert Service will alert you if your website has been phished.
Using reputation filtering and Behavioral Genotype® Protection, our email solutions block unwanted email while our web appliance blocks access to phishing and malware hosting sites.