Phishing and Identity Theftv2.itweb.co.za/whitepaper/Striata_130319.pdf · 2013. 3. 19. ·...

Phishing and Identity Theft WHITE PAPER


Striata Secure PDF EBPP

TABLE OF CONTENTS

Phishing – Don’t get caught hook, line and sinker!

Should we stop sending emails?

What should senders do?

Educate your customers on how not to get hooked?

Other terms you need to know

In conclusion

Additional reading on phishing and email deliverability


PHISHING – DON’T GET CAUGHT HOOK, LINE AND SINKER!

Today email is the most common form of business communication. It has surpassed the fax and postal mail, and is now relied upon for critical communication thanks to its ease of use, speed and low cost. Email is used for everything from financial instructions, to sending contracts and legal documents, to sharing confidential information.

Many of these communications have a link to a webpage to log in or retrieve further information. This has made email a target for fraudsters.

Phishing is the act of attempting to acquire information such as usernames, passwords and banking details (and sometimes - indirectly - money) by masquerading as a trustworthy entity in an electronic communication.


There are three different levels of sophistication evident in the fraud attempts seen.

1 Spray Phishing: the most basic of email fraud, involves blasting out a generic spam mail to every email address the fraudsters can find. For example, emails informing you that you've won a lottery, or that you could be a beneficiary, or could stand to inherit some money. The catch is that you need to supply your details and possibly produce a down payment of some kind in order to collect the funds. There is no personalization or branding in the email, and often there are spelling and grammar mistakes.

It's a numbers game; if the fraudsters distribute enough email, they are bound to find someone who will fall for the scam. Most often, the victims are new Internet users who are excited to receive an email and innocently respond, allowing the scam artists to open up a dialogue.

2 User Phishing: a bit more sophisticated, the email comes from a recognizable brand and requests a legitimate-sounding action from the recipient. Banking brands in particular have been targeted with these scams, as fraudsters become increasingly good at copying legitimate communications in order to dupe the bank's clients.

We have seen emails that are perfect replicas of valid bank communications, ranging from the graphics and web links to the wording. The only difference is that when you click on the link to complete the “action”, you land on a fraudulent web page.


3 Spear Phishing: the most sophisticated type of scam to emerge, which targets specific individuals or organizations. The criminals behind the scam have done their homework and know enough about the target to appear legitimate. Using social networking sites, free email services and any other information they can find on the Web, the fraudsters craft a customized communication that they target at a specific individual.

The email may be addressed to you by name, it may contain information about someone you know and it will most certainly ask you either for money (to bail out a friend in trouble), to input your banking information, or just to open up a dialogue.


SHOULD WE STOP SENDING EMAILS?

Definitely not! Email has become a standard in communication, with most companies sending customers emails. If a company doesn’t send any emails, the customer will not be familiar with its branding and won’t suspect a phishing email if one arrives. When an email arrives purporting to come from the service provider, they eagerly open, read and follow the instructions, expecting it to be legitimate.

Phishing scams are based on this principle. Phishers’ use of email as a communication tool is assisted by the fact that some companies have chosen not to use the VERY same channel that phishers use for comparative education. As a result, the client is left totally defenseless in identifying a phishing email.

The paradigm shift is that companies should not STOP sending email, but should send MORE email in a structured, defined and identifiable manner.

By communicating more frequently by email, the consumer can be educated about how to identify a phishing email, thus significantly reducing successful phishing attacks.


WHAT SHOULD SENDERS DO?

Unfortunately there’s no way to stop phishing, but there are a number of ways that we can ‘raise the bar’ to minimize the risks.

Here are some steps to prevent phishing attacks:

1 Educate your customers: While it’s important to ensure that you use consistent branding in all your email communications, fraudsters are getting smarter about replicating these. Educating your customers to recognize your emails is one of the most powerful ways to protect them from phishing attempts. Look for alternative ways to help them identify your legitimate email.

2 Personalization: “Dear Keith” is better than “Dear Valued Customer” because generic greetings are an easy way for a fraudster to recreate a company’s style.

3 Customer verification data: Consistently include verification data in every email communication. Your customer’s name, partial account number, partial address or postcode are all easy for a legitimate company to include in the email body, but impossible for a fraudster. Educate your customer that your emails will always have verification data, so any phishing email becomes instantly recognizable.

4 Sender Authentication: Make use of the various security features available to identify yourself as a valid sender, such as DKIM, DMARC and SPF. These mechanisms help the ISPs to further authenticate the email and minimize the risk of it ending up in a spam folder.

5 Attach: Rather than asking your customer to fetch documents from a website, simply attach them to the email communication. Phishing relies heavily on linking (or pulling) consumers to a fraudulent website to compromise their identity. The inherent nature of the "Push" methodology significantly enhances the level of protection offered.

6 DMARC: Domain-based Message Authentication helps prevent domain spoofing, which is a major component of phishing emails.


EDUCATE YOUR CUSTOMERS ON HOW NOT TO GET HOOKED?

Companies can educate their customers to follow these key guidelines. Read on to ensure you do not become a victim.

OTHER TERMS YOU NEED TO KNOW

Pharming

Pharming is another scam where a hacker installs malicious code on a personal computer or server. This code then redirects clicks you make on a Web site to another fraudulent Web site without your consent or knowledge.

Vishing

Unfortunately, phishing emails are not the only way people can try to fool you into providing personal information in an effort to steal your identity or commit fraud. Criminals also use the phone to solicit your personal information. This telephone version of phishing is sometimes called vishing. Vishing relies on “social engineering” techniques to trick you into providing information that others can use to access and use your important accounts. People can also use this information to pretend to be you and open new lines of credit.


Smishing

Just like phishing, smishing uses cell phone text messages to lure consumers in. Often the text will contain a URL or phone number. The phone number often has an automated voice response system. And again, just like phishing, the smishing message usually asks for your immediate attention.


IN CONCLUSION

One has to grudgingly admire the tenacity, creativity and gumption of the phishing world. For them the stakes are high, and the potential rewards mean their attacks will never diminish.

Don’t ignore the problem. Today there are proven, readily available solutions, all of which have been highlighted in this paper.

If all steps are taken to minimize the risk of phishing attacks, then the number of successful attacks will be reduced dramatically.


ADDITIONAL READING ON PHISHING AND EMAIL DELIVERABILITY

Solution Overview: Striata Anti-Phishing Protection Striata Authentication and Trust Secure Document Delivery Solutions: Electronic Document Delivery

Follow these bloggers for more advice on eBilling, eMarketing and Secure Document Delivery

Linda Misauer: Head of Global Solutions

Linda Misauer is the Head of Global Solutions at Striata and is responsible for technical Research and Development, Operations and Project Management for global initiatives.

Keith Russell: Sales Director, Asia Pacific

Keith Russell is the Sales Director of Striata Asia-Pacific. Keith has over 20 years' experience in the IT industry, moving from software development and analysis roles into Sales and Account Management

Nicola Els: Commercial Director, SA

Nicola is the Commercial Director of Striata South Africa, focusing on all business development related activities spanning retention and new business

About Striata

Striata unlocks the power of email and mobile messaging

Our electronic delivery solutions dramatically increase customer adoption of paperless bills, statements, policies, marketing and other high volume system-generated documents. The world’s largest financial services, utility, insurance, retail and telecommunications companies achieve unrivalled results by replacing print and mail with Striata’s interactive electronic documents and transactional messages.

Striata’s enterprise platform, strategy and support services: drive significant paper suppression; deliver ongoing cost savings; accelerate payments; enhance the customer experience; enable regulatory compliance.

Our comprehensive solutions expand the digital dialogue through personalized customer lifecycle messaging, retail receipts, notifications and alerts. A global paperless communications specialist with over a decade of experience, Striata has operations in New York, London, Brussels, Johannesburg, Hong Kong, Sydney and partners in North and South America, Europe and Asia Pacific.

EBILLING, EMARKETING AND SECURE EDOCUMENT DELIVERY

Web: www.striata.com

Email: [email protected]

NEW YORK: 48 Wall Street, Suite 1100, NY, 10005, USA. T: +1 88 88 USAPAY

LONDON: 88 Kingsway, London, WC2B 6AA, United Kingdom. T: +44 207 268 3941

SYDNEY: 5/9-11 Knox St, Double Bay, Sydney, NSW 2028, Australia. T: +61 (2) 9363 9655

JOHANNESBURG: 158 Jan Smuts Ave, Rosebank, JHB, 2196, South Africa. T: +27 11 530 9600

HONG KONG: 20th fl, Central Tower, 28 Queen’s Road, Central, Hong Kong. T: +852 2159 9450