Magazine article Security Management
Phishing for Trouble
This month, a man named Matthew Guevara will be sentenced in federal court for wire fraud. Guevara pleaded guilty in August to creating an unauthorized Web site made to look like an official Microsoft site, with an address (www.msnbilling.com) that deepened the illusion. Guevara then sent spam directing recipients to the bogus site, where they were asked to verify their accounts by providing their name, MSN account number, and credit card information. The victims' credit card information was then used by Guevara and another person.
This scam, known as "phishing," is on the rise, and in recent months scammers have targeted banks (including Bank of America and Barclays), online auction site eBay, and retailer Best Buy. Even the FBI is not immune: scammers recently put up a realistic-looking FBI Web sire in an effort to collect credit-card information (they said that cardholders could enter their card numbers to see whether that card had been compromised).
The Web addresses often appear upon initial examination to be legitimate, and the fraudulent sites are extraordinarily realistic, thus making it easier for the perpetrators to trick consumers into entering their sensitive personal information.
So what can companies do to make sure no one is using their good name to phish for confidential data? Ariana-Michele Moore, an analyst with Celent Communications. says that the best--and perhaps the only--option is to monitor the Web looking For suspicious knock-off sites, which is an enormous task.
"Certainly when it comes to monitoring the Web, it's good to outsource." she explains, because of the huge number of constantly changing sites on the Internet. "Take advantage of services that scour the Web for spoof sites."
One such company is Cyveillance, in Rosslyn, Virginia. Chief marketing officer Rich Moore says that the company fights spoofing in several ways. "A lot of online fraud originates in spam." Moore says, so Cyveillance technicians subscribe to, rather than complain about unsolicited e-mail, looking for product or company mentions. …