Wednesday, October 5, 2011

Phishing a Significant Security Concern for Small and Medium-Sized Businesses

Theft of SS Numbers
As more small and medium-sized businesses make use of online services including email, banking, credit card merchant account management, or the management of their company's website, the threat of online identity theft or "phishing" may grow into a significant security concern for these businesses. In fact, according to the Anti-Phishing Working Group, a consortium of more than 1000 firms, including a majority of the top U.S. banks and ISPs, phishing reports doubled between November 2004 and November 2005, from 8975 to 16882. In addition, the use of password-stealing software applications alongside email phishing attempts quadrupled from 260 instances in April 2005 to 1044 in November 2005.

Furthermore, according to a survey conducted by the FBI with over 2000 organizations, 64 percent suffered a financial loss from computer security incidents over a 12-month period. The average cost per company was more than $24,000, with the total cost reaching $32 million just for those surveyed. In addition, the overall cost to Americans through identity theft reached $52.6 billion in 2004 compared to only $1 billion in telecommunication fraud. The survey also reveals that computer theft and computer-based financial fraud rank second behind worm, virus and Trojan horse computer threats.

What is Phishing

The term “phishing” comes from the analogy that Internet scammers use email as bait to fish for password and financial data from the sea of Internet users. Because hackers tend to replace “f” with “ph,” the term “phishing” was derived. The term has also evolved over the years to cover not only obtaining user account details but also gaining access to all personal and financial data.

In practice, phishing is a form of Internet fraud that aims to steal valuable information such as credit card or social security numbers, user IDs and passwords. Generally, a fake website is created almost identical to that of a legitimate organization, typically a financial institution such as a bank, credit card or insurance company. An email is sent requesting that the recipient visit the fake website and enter their personal details, including security access codes and account information.

The Threat to Small and Medium-Sized Businesses

In a survey conducted by Trend Micro, a provider of network antivirus and Internet content security software and services, 43 percent of respondents had experienced an email-based phishing threat, and half of all U.S. businesses with fewer than 500 employees had encountered phishing at work. The survey goes on to state that at least one-third of these respondents said they lost personal information, experienced drop-offs in productivity or were victims of identity theft; one-fifth said they also lost company information. Respondents also reported that the largest increases in phishing attacks were among small-business users.

What Do Phishing Scams Look Like


Legitimate links go to Spoofed sites
Over the last few years, phishing scams have become more and more sophisticated. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate websites. To make these phishing e-mail messages look even more believable, the scam artists may use legitimate-looking links that appear to go to the actual financial institution’s website, but actually take you to a phony scam site or possibly a pop-up window that looks exactly like the official site. These copycat sites are also called "spoofed" websites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the phishers. They then have the ability to use your information to purchase goods, apply for a new credit card, or otherwise steal your identity.

While there is no one solution to protect against phishing attempts, businesses should use antivirus, spyware protection and spam-blocking software and keep them up to date. In addition, businesses are urged to take great care when receiving email from insurance companies, credit card companies or banks, as few genuine financial institutions use email to communicate in this manner. Consider outsourcing. While ISPs offer security services for companies, a professional managed services provider can tailor its services specifically for the small and medium-sized business, providing levels of IT support previously found only in large companies.



Are you concerned about the security of your data? Call TeamLogic IT at 650.204.3150 for a free consultation. We use only the best tools available and can monitor your systems 24x7. Whether it is virus protection, intrusion prevention, ensuring regulatory compliance, or helping your company to establish and document your security policies, our trained security experts can help you through whatever security concerns you have.

Taking the worry out of your technology.
