|By Peter Silva||
|October 30, 2016 01:00 PM EDT||
Phishing has been around since the dawn of the internet. The term was first used in an AOL Usenet group back in 1996 but it wasn’t until 2003 when many baited hooks and lures started dropping. Popular transaction destinations like PayPal and eBay were some of the early victims of these spoofed sites asking customers to update their personal and credit card information. By 2004, it was a full-fledged ‘get rich quick scheme’ with many financial institutions – and their customers – as targets.
Oxford Dictionary defines Phishing as, ‘The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.’
You’ve seen it, the almost perfect looking email with actual logos, images and links to a reputable company only to have it go to a slick looking replica complete with a login form. If you aren’t paying attention and do enter your credentials, you’ve just given a crook access to your money.
The Anti-Phishing Working Group (APWG) reports a 250 percent jump in the number of detected phishing websites between October 2015 and March 2016. More than in any other three-month span since it began tracking back in 2004. That’s around 230,000 unique phishing campaigns a month. And as recent as last week, American Express users were hit with a phishing email offering anti-phishing protection. Go figure. If you clicked the link, you were taken to a bogus Amex login page which asks for all the important stuff: SSN, DoB, mother’s maiden, AMEX number plus security code and a few other vitals.
When complete, you’ll be redirected to the authentic site so you think you’ve been there all along. That’s how they work their magic. A very similar domain URL and all the bells of the original, including the real customer service 800 number.
You can combat it however.
If you are configuring malware protection for the login and transaction pages for a financial application, it’s as simple as adding an Anti-Fraud profile to your VIP.
First, you create an anti-fraud profile:
Then indicate which URL should be watched and the action:
Then enable Phishing detection:
And when a phishing attach occurs, both the domain and the username of the victim get reported to the dashboard :
This tiny piece of code will dramatically reduce fraud loss and retain the most important asset in business—customer confidence.
Don’t get fooled by a faker.
- DDoS Mitigation | @CloudExpo @WebairInc #IoT #Cybersecurity #DataCenter
- Should You Fear #ArtificialIntelligence | @CloudExpo #BigData #IoT #AI #ML
- When Things Attack! | @ThingsExpo #IoT #M2M #API #Security
- Cloud Is Now Seen as a Way to Better Security | @CloudExpo #Cloud #Security #DigitalTransformation
- What Is Ransomware and How Cloud Security Mitigates It | @CloudExpo #Cloud #Security #MachineLearning
- How to Turn Your Microwave into a Camera | @ThingsExpo #IoT #M2M #Security
- Cloud Expo New York Speaker Profile: Dave Linthicum – Cloud Technology Partners
- Don’t forget to register for FOSE 2013
- Streamline Health® Engages KPMG as Its New Independent Registered Public Accountants
- Red Hat U.S. Public Sector Chief Technology Strategist to Speak at NC Datapolooza
- Best CIO Practices Shared from SHI’s Customers
- Cloud Business Solutions, Social Media, and Platform Systems of Engagement Market Shares, Strategies, and Forecasts, Worldwide, 2013 to 2019
- DEvOps and SDDC Among Top 10 Strategic Technology Trends for 2014
- Application Server Market
- Commander of U.S. Cyber Command and National Security Agency Director, General Keith Alexander, To Keynote Day One of Black Hat USA 2013
- Cloud Computing: Rethinking Control of IT