Organised crime gangs plan sophisticated attacks on businesses
By Steve Ranger
Published: 22 April 2005 10:55 GMT
Organised crime gangs are developing phishing attacks against corporate networks in an attempt to steal passwords and sensitive information.
Some fraudulent emails pretend to be messages from a company's network administrator asking its users to update their passwords. But unwary users clicking on the link in the fake email may be giving their login details to fraudsters, who are then free to use them to access business systems.
And Anne Bonaparte, chief executive of email security company MailFrontier, said that gangs are using sophisticated directory harvest attacks to identify new employees in businesses.
The phishers then pose as payroll providers and try to use the information they have harvested to get yet more personal details from a company's HR department.
"This is a very sophisticated corporate phish – we are beginning to collect some very serious ones. As these phishers get more sophisticated this is the way it is going. There is a lot of money to be had here," said Bonaparte.
Organised crime is targeting businesses rather than consumers because the rewards can be greater.
"There's no shortage of bad guys trying to get in," she said. "They are very opportunistic, because the motive is money."
Bonaparte said people now find it hard to tell legitimate and spoof email apart.
Of the 25,000 people in the UK that have taken MailFrontier's phishing test, 18 per cent incorrectly identified phishing email as legitimate, and 46 per cent identified legitimate email as phishing spam.
"There is a danger that people are pulling away from taking action by email. People are confused and more education is required," she added.
Elizabeth Robertson, solicitor at law firm Jones Day said that phishing is a new form of old crimes: "They are sophisticated frauds, thefts and embezzlements," she said. But because fraud is tremendously difficult to stand up in court, one way to bring the law to bear on phishers may be to use the Data Protection Act over their misuse of personal information – in the same way that tax law was the easiest way to bring Al Capone to justice, she said.
Jeremy Beale, head of the e-business group at the CBI said that phishing is a serious issue for business: "Spam was a pain, but it didn't really hit the bottom line – phishing really does go to your bottom line. Companies are dependent on the internet so pulling the plug is not really an option."
Retail and Finance are identified and addressed with appropriate messages through effective channels such as website, direct marketing, exhibitions ...
Duties include managing finance/ Admin teams, compiling weekly and monthly orders report, providing accurate and timely month/ year end reporting, as ...
SAP Data Protection Act Gap Analysis Consultant required for a short term project working within the public sector. The project will involve a review ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Tim Ferguson Exclusive: Former MySQL boss Marten Mickos talks open source Why Microsoft could become one of the "biggest friends of open source" and why Oracle getting its hands on MySQL could be "one of the biggest open source coups ever"...
Naked CIO Naked CIO: Cloud computing more expensive than we thought? Smart IT leaders will examine the impact of how they pay for tech