
Enterprise Gateway Anti-Phishing
Phishing is the process of tricking unsuspecting customers of a business into imparting their confidential information for illegal use. It typically involves sending a false email to a customer, claiming to be from a legitimate business that the customer has had prior dealings with. The email scams the customer into surrendering private information that will be used for identity theft. The phishing email directs the user to visit a bogus website that mimics the look of the legitimate business the customer normally deals with. On the bogus site, the user is asked to update personal information (such as passwords and credit card, social security, and bank account numbers). Social engineering is a strong factor in the success of phishing attacks.
According to a study by Gartner, 57 million Internet users in the US have received a phishing email, and 1.7 million of these have fallen victim to the scam.
With the increased use of e-commerce, phishing exploits are expected to increase sharply. Phishing attacks cause damage in two ways: (1) they have the potential to inflict severe monetary and data loss due to fraudulent use of the harvested information and (2) phishing undermines consumer confidence in online commerce.
Lucrative Enterprise
The boom in online financial transactions has made phishing a very lucrative method of attack for scammers. The risk-to-reward ratio for phishing attacks is very favorable for the attacker. The cost of sending emails and setting up a web presence is trivial, and both are easy to do. The fact that so many millions of people can be targeted makes it worthwhile, even with low hit rates (the same mind-set that spammers follow). Even if less than one percent of the targeted victims respond, phishing emails can be very productive. In addition, prosecuting the perpetrators of phishing attacks has proven to be difficult.
Information stolen from phishing victims is used in various ways by the criminals, with the most common uses being:
- victims' credentials may be used for unauthorized transactions
- legitimate users may be denied access to their own assets
- attackers can sell users' personal information for criminal purposes
Methods of Attack
Fake emails and bogus websites are the most common phishing tools. Phishing emails usually look as if they came from the genuine organization and trick users into divulging their passwords and account details. The emails are typically official-looking, HTML-based emails. Attackers use HTML because it is useful in obfuscating the actual URL. The email sender is, of course, fake, and open mail relays disguise the email's actual source. These emails direct users to a legitimate-looking URL where the attacker is able to collect information.
Protection at the Gateway
The Marshal Content Security solution provides enterprise gateway protection from phishing through both email and web-based content security filtering. This prevents unauthorized email and web content from entering your organization.