Phishing Scams – Vircom Guru Campain

Paris, France, 30 November – Phishing has become a popular form of email fraud that is more menacing than most other forms of spam. Those who perpetuate it both deceitfully impersonate reputable companies and swindle individuals, which results in financial loss, bad credit and damaged reputations on the part of victims.

What is phishing?
Essentially, phishing is stealing. It’s the act of deviously obtaining information and using it – without permission – for financial or other gain.

Unlike most spammers who try to get your money by peddling products and services, phishers unscrupulously steal it by posing as legitimate, reputable institutions and enterprises and using false pretenses to get you to divulge confidential information.

Phishers are very methodical in their approach: they time their attacks and use social engineering to target customers of high-profile enterprises and institutions to ensure the greatest profitability. And profitable they are. According to a panel of industry experts who spoke at the 2004 Email Authentication Summit in Washington, D.C., phishing scams can generate between $100,000 and $200,000 per attack.

Targets and victims of phishing
Phishers generally imitate large enterprises that possess confidential information about their clients. Citibank®, Royal Bank of Scotland®, eBay®, PayPal® and Amazon® are among phishers’ favourite targets because they have millions of customers worldwide. A phishing email that imitates eBay, for example, is much more likely to be opened than an email spoofing a smaller, lesser known enterprise.

Many email users have a false sense of security about online privacy. But the reality is that anyone with an email address and a bank account, credit card, social security number or other confidential information is a potential victim of phishing.

Think you could never fall for a phishing scam? Consider this: according to the Federal Trade Commission, 33 percent of people who receive phishing scams click on links provided in the fraudulent emails.

How to avoid phishing scams
While it can be difficult to spot a phishing attempt at first glance, it is important to be aware of common tactics and characteristics that define them.
The following tips will help you recognize phishing attempts and avoid being taken – hook, line and sinker:

1) Read emails carefully! Busy schedules are a phisher’s dream: many email users read messages and click on links in the blink of an eye. Take the time to analyze every email. A few extra minutes now can save you time and money in the future.

2) Legitimate enterprises and institutions will never ask you to divulge confidential information, such as passwords and credit card information, in an unsolicited email. If you are asked to provide such details, you are likely being phished and should delete the message immediately.

3) Be wary of links provided in unsolicited emails. Phishing scams instruct you to click on a URL that may look legitimate but that leads to a fraudulent website. The web page or site you’ll end up on has been purposely designed to look official and aboveboard – but isn’t.

4) If you find yourself on a website or web page and are unsure about its authenticity, look for indicators that it is encrypted. These can include a lock icon on the status bar of your browser or a URL beginning with https:// (the “s” stands for “secure”). However, no indicator is foolproof; phishers can forge security icons and create fake secure URLs. The best course of action is to exit immediately.

5) Don’t act hastily. If an unsolicited email instructs you to authenticate yourself or act immediately to avoid a penalty or other negative consequence…wait. Phishing scams have a short life span. The longer they exist, the greater the chance of detection; this is why phishing emails urge you to act quickly, not because you will actually be penalized by the enterprise or institution.

Waiting a few days or even a week will help you to determine whether or not an email is legitimate. If you haven’t responded within that time frame, a legitimate enterprise or financial institution will follow up with you in a letter or phone call.

6) If you have any doubts about the legitimacy of an unsolicited email, contact the enterprise or financial institution in question using a phone number that you know is valid. You can obtain this information online or in a printed telephone directory; never automatically trust a phone number, address or any other information provided in an unsolicited email.

7) Equip yourself with comprehensive email security. Leading email security solutions like Vircom’s ModusTM server and gateway products offer a wide range of tools and technology – including Sender Policy Framework (SPF) – to eliminate virtually all phishing scams before they ever reach your inbox.

The SPF authentication protocol specifies which computers are authorized to send email from a particular domain. Email servers that implement SPF reject all emails whose domain names cannot be validated against the IP address listed in the corresponding DNS records.

If a phisher has a legitimate account with a specific domain name or owns the domain, he or she can still send email; however, doing so makes the scam much easier to trace and prosecute because it reveals more information about the spammer’s location.

Since over 95% of all spam comes from hijacked or forged domain names, SPF makes it more difficult for phishers to remain undetected: if they forge the ‘from’ address of a domain that employs SPF, the spoofed address will not be accepted by the server.

About Vircom: www.vircom.com
Montreal-based Vircom is a leading developer of cutting-edge Internet infrastructure and secure messaging solutions for the demanding needs of Internet Service Providers (ISPs) and corporate clients. Vircom’s mature ModusTM secure email management technology incorporates over 10 years of industry expertise, making it a powerful driving force in the defense against spam and email-borne fraud. Present in Europe since 2003, Vircom Europe has distribution agreements for its Modus anti-spam products with a network of managed security service providers, value-added distributors and resellers in the UK, France, Germany, Italy, the Netherlands, Portugal, Spain, Sweden, Switzerland and Turkey.