| The history of phishing has proven to be long and | | | | protecting their customers. This becomes a major |
| successful one. Phishers took advantage of internet | | | | problem because the banking and financial business is |
| users during a time when the notion of email and the | | | | a prime target for phishers to impersonate. Therefore, |
| internet was still new and exciting, while the notion of | | | | these companies, especially, should take the time to |
| security was nonexistent. As naïve users opened | | | | set up security expectations and normalize security |
| up emails from banks asking them to verify, validate, or | | | | processes. If not taken seriously, the brand will slowly |
| confirm account information, never did they stop to | | | | deteriorate and cease to exist, due to company |
| think that the emails were fraudulent. Now, recent | | | | inaction - a sure fire way to lose revenue. |
| phishing attempts have shifted to calling customers by | | | | If companies are merely relying on a message at the |
| phone with an automated message directing the | | | | bottom of an email stating: "This is a legitimate email |
| customer to provide their account information. This | | | | from CitiBank" to gain customer trust, there is nothing |
| concept is known as "vishing". | | | | that will stop a phisher from displaying the same |
| Many of these incidents have undoubtedly occurred | | | | message at the bottom of their emails. Safer practices |
| due to customer ignorance. However, that explanation | | | | must be implemented in order to identify their email as |
| can only go so far. Security Focus reports that the | | | | legitimate. This includes setting up new standards for |
| Anti-Phishing Working Group found that "23,670 total | | | | sending email using email encryption tools, and then |
| phishing websites [were] used to commit identity theft, | | | | familiarizing these standards with customers. |
| fraud and other malicious activity in July 2006" alone! | | | | If encryption and email anti-theft solutions were applied |
| When are businesses going to start taking some | | | | to send information safely and securely, a customer |
| responsibility for this large number and realize that they, | | | | would have no reason to wonder if the email is a |
| too, play a part in the big picture on how to protect | | | | legitimate one, nor would they have to worry about |
| consumers from phishing fraud? | | | | others peeking in on their personal information while it is |
| As an internet user, all I hear constantly is to be weary | | | | being transferred from inbox to inbox. In addition, a |
| of fraudulent emails. "Your bank will never ask you for | | | | financial firm or bank can remain confident, knowing |
| your account information over email." Sound familiar? | | | | that they are doing their utmost to protect client data. It |
| All we can do is protect ourselves by not giving away | | | | is only when these processes are in place that the full |
| our information. But in this day and age, where | | | | capabilities of email can be put to use without having |
| everything has gone digital, it is extremely inconvenient | | | | to worry about data interception. Direct solutions such |
| and difficult to not partake in the new technologies that | | | | as these would gain a company much respect and |
| are meant to make our lives easier. It seems | | | | customer loyalty. |
| impractical to setup a feature like online banking, and | | | | Unfortunately, many companies still believe that putting |
| then have customers not use it because it's | | | | up a firewall and installing spyware is all they need to |
| unprotected. | | | | complete the security paradigm. But that is only the |
| An IRM study reported in ZDNet, investigated 18 banks | | | | beginning. Different forms of data encryption and |
| and their security measures for online banking and | | | | multiple forms of user authentication must be put into |
| other technical procedures. Results showed that all of | | | | place. This will not only prevent external attacks but will |
| the banks "failed to provide customers with | | | | also mitigate internal threats that may exist within the |
| supplementary authentication tools beyond usernames | | | | company. And even after all is said and done, the |
| and passwords. It said 13 of those banks were | | | | company employees must be firm and dedicated in |
| susceptible to long-term hacking attacks through the | | | | enforcing the new level of benchmark security. |
| use of password-stealing programs and identity theft | | | | In the end, it can be assumed that the phishing and |
| scams". The response of The Association of Payment | | | | vishing industry will continue to expand as long as |
| and Clearing Systems (APACS) to the findings was | | | | profits still exist in the business. Even as this particular |
| one of defense, claiming the study was inaccurate and | | | | threat disappears, another one will be there to take its |
| skewed. | | | | place. The security holes will not go away by |
| The study results not only show an astounding rate at | | | | themselves and the longer companies wait to jump on |
| which companies are not implementing necessary | | | | the bandwagon, the longer it will take to catch up. Don't |
| security measures to safeguard customers, but it also | | | | be left in the dust. |
| shows APACS lack of interest and dedication to | | | | |