Monday, April 11, 2011
Categorized | Best Practices, Fraud, Phishing
How to Circumvent Phishing & Pharming!
Posted by Sundeep Kapur | Monday, April 11, 2011
A hurricane strikes the coast, leaving behind millions of dollars' worth of damage and thousands of homeless people. You wish you could do something to help. Then you check your email. It’s as though someone read your mind -- there in your inbox is a request for donations through a very well-known and highly reputable charity. A picture of a family in front of their demolished home stares back at you as you type in your credit card number. The hurricane was real but the charity was being impersonated. You’ve been phished.

You polish your resume and post it on a leading career site. As you hold your breath waiting for a call for an interview, you check your email. In your inbox you find an amazing offer for an interview suit from your favorite clothing company. It says the deal is given as a thank you to those who sign up for the career site you just joined. You click the embedded link to check out the offer. You recognize the clothing company’s logo and slogan. It looks just like the site you’ve visited time and time again, so you browse through a handful of suits before you enter the color, style and size you want. Then you punch in your credit card number. You never receive the suit because you didn’t visit the website of your favorite clothing company. The website was pharmed and you’ve been phished.

You work for a major online retailer and take pride in the fact that yours was one of the first sites to offer secure purchasing transactions. Your organization has been encrypting your clients’ credit card numbers for years, so you feel sure that your customers will never experience online fraud through any transaction they have with you. Then you find out hundreds of your clients have been scammed by making a purchase through your site. It turns out that your organization’s database was hacked and the criminals stole lots of information on your clients – names, mailing addresses, email addresses and dates of last purchases. But you wonder how they managed to get encrypted credit card numbers from your network. They didn’t. They emailed your customers an urgent message saying that there was a problem with the credit cards they used to order from your site and that they needed to re-enter them. The criminals provided an embedded link that took them to a web page that looked just like the payment page on your site. The webpage was pharmed, your clients have been phished and your organization has a lot of cleaning up to do.
Top Three Ways to Help Prevent Online Fraud
- Education
The best line of defense is informed clients. Be sure to educate your consumers about what warning signs to look for and how to report suspected phishing. One way to do that is to dedicate a page on your Web site to online fraud. The page should be easy to find on your site and include a number to call if they suspect they’ve been victimized. Such a page is also a great place to remind your clients of the age-old saying, “If it’s too good to be true then it probably is.”
Make sure ALL of your employees understand what phishing, pharming and online fraud are and what your company does to prevent them. Also, make sure your front line/customer service people know what to say to clients in the event of an attack. This can be accomplished through training sessions and/or by having a script prepared for them to read in the case of an attack.
- Security
Email addresses are increasingly becoming as valuable as Social Security numbers. As such, your clients expect you to protect this information in much the same way. You should communicate to clients the security measures in place to protect their personal or account information – including email addresses.
In order to recover from an attack it is imperative that your consumers know how diligently you work to protect their data. Anything that contains any customer information should have an audit trail.
- Preparation
With phishing attacks on the rise and immunity provided for no one, it’s best to assume that your organization will get hit. You can help soften the blow by creating a crisis plan before you ever become a victim. A good place to start is in drafting an email that you could send to your clients to warn them when you are attacked.