 |
 |
| |
Skype Spyware Discovered
ISSUE 18, December 2006
It's All About the Virtual Money
ISSUE 17, December 2006
Latest Threat: The Medbot Menace
ISSUE 16, November 2006
Latest threat: Wikipedia attack
Introduction to Web Threats: What They Are and Why You Should Care
ISSUE 18, December 2006
All About Botnets: Part 2 - How Botnets Grow, Communicate and Evade Detection
ISSUE 17, December 2006
All About Botnets: Part 1 — Attacking and Command and Control Behavior
ISSUE 16, November 2006
Attack of the Video codecs
2007 Threat Forecast
ISSUE 18, December 2006
The 2006 Threat Landscape in Review
ISSUE 17, December 2006
Protecting Your Info: Threats and the Underground Economy
ISSUE 16, November 2006
Phishing protection best practices
Tell us what you think
ISSUE 18, December 2006
Tell us what you think
ISSUE 17, December 2006
Please give us your opinion
ISSUE 16, November 2006
We value your opinion.
What's New: Protect Your Valuable Computer Files
ISSUE 16, November 2006
Premium Support Services Webinar
ISSUE 15, November 2006
Premium Support Services Webinar
ISSUE 14, October 2006
Some Video iPods ship with Windows virus
|
|
|
 |
 |
Issue 16 | November 16, 2006 |
|
 |
| |
 |
|
| |
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
Phishing protection best practices
November 16, 2006
In the past six months Trend Micro's content filtering group examined over 6.5 million samples of spam, and discovered that between 3 and 8 per cent of them were related to phishing or other attempts at crimeware. That's one phishing attempt for every thirteen spam mails received!
What can organizations and individual users do to protect themselves against phishing attacks?
"Businesses and end users who adopt phishing protection best practices can realize numerous benefits," according to Dave Rand, chief technology officer of Internet Content Security at Trend Micro. "Following such practices can reduce exposure to fraudulent e-mails and Web sites, and avoid financial losses. Businesses employing these best practices can also help increase their overall customer confidence, avoid litigation, protect their brand reputations, and avoid damage to costly IT systems. Consumers can defend their personal and financial reputations, which can be seriously damaged as a consequence of identity theft."
Phishing is a sub-set of crimeware, a category that also includes spyware, other keylogging Trojans, and hacking tools. Emerging hybrid combinations of crimeware include spy-phishing, which uses phishing techniques to present itself to users, then employs other techniques to download and install spyware applications, and vishing, which involves the use of VoIP (Voice over Internet Protocol). Phishing borrows many techniques from spam, such as the evolvement of the subject and e-mail body content.
"The existence of underground phishing ecosystems and the large financial profits gained through botnets have transformed phishing into a worldwide organized crime undertaking," explained Rand. "Profits for phishing cyber criminals have ranged from tens of thousands to millions of dollars. On their side, businesses and consumers are greatly affected by significant financial losses and other short- and long-term damage to their overall financial health, brand, and reputation."
Businesses and consumers can protect themselves from the devastating effects of phishing due to botnet activities in two ways: educating themselves about phishing techniques and employing technology solutions that combat phishing. The following checklist is a general best practice prescription for guarding against malicious threats:
Businesses and consumers should:
Always install, update, and maintain firewalls and intrusion detection software, including those that provide malware/spyware security
Use the latest version of your Web browser, and install security patches when they're available.
Practice awareness when receiving e-mails that ask for your account details.
Never e-mail your financial or personal details.
Only open e-mail attachments from trusted parties.
Never click on links in suspicious e-mails.
Report suspicious e-mails to appropriate authorities, such as the Anti-Phishing Working Group or the Trend Micro Anti-Fraud Unit (antifraud@support.trendmicro.com).
Regularly read the latest news and information regarding phishing. (A good resource is Trend Micro's Phishing Encyclopedia.)
Business users should also:
Monitor logs from firewalls, intrusion detection systems, DNS servers, and proxy servers on a daily basis for signs of infection.
Establish rigorous password policies for clients, servers, and routers - and enforce them.
Ensure that only approved devices may connect to the organization's network.
In terms of specific technologies, businesses and consumers alike should look for layered solutions that protect against both sending-that is, becoming an unwitting accomplice to propagating spam-and receiving phishing emails. From a business perspective especially, layered solutions should also offer content protection at the client side, or end points, and at the network gateway - as well as monitor network behavior. This ensures against "rogue" devices such as laptops and notebooks-which are not always under administrators' control and may not have adequate or updated threat protection installed-infecting the entire network.
The following technology-related solutions are available to help combat phishing:
- On the client side or endpoint, implement a personal firewall and anti-virus solution to prevent sending of phishing emails and firewall, anti-virus solution as well as anti-phishing enabled browsers or toolbars to prevent receiving phishing emails.
- On the network, include a intrusion detection system/intrusion protection system (IDS/IPS) and network content protection to prevent both sending and receiving phishing emails.
- At the network gateway, implement a firewall, gateway anti-spam and gateway anti-virus to prevent sending and a domain reputation solution to prevent receiving phishing emails.
"Businesses and consumers who adopt a best practices policy will not only reduce their exposure to fraud and identity theft, they will also help in the fight against the serious and ongoing threat of phishing," said Rand.
|
|
|
|
|
|
|
| |
Do you have a comment, question, suggestion or tip for Trend Micro's The First Line of Defense? E-mail us and let us know what's on your mind. |
|
|
|
|
|
|
| |
|
|
|
|
 |
©2007 by Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo, HouseCall, InterScan, VirusWall, and TrendLabs are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their owners. Information contained in this newsletter is subject to change without notice. |
|
|
 |
www.trendmicro.com |
 |
|
|
|
|
 |
| |
|
