Employees’ Awareness on Phishing Benefits both Employers & Workers

A white paper that outlines the ways for Web users to protect themselves from phishers in a better manner has been released by security firm ESET. The paper concludes by saying that it is mutually beneficial for both employers and employees if the former could train its workers in dealing with phishing e-mails.

The authors of the white paper, David Harley and Andrew Lee, pointed out that phishing gangs run a complex network and sophisticated infrastructure that works similarly as any other demand and supply economy. The gang has various departments taking care of different aspects of its business, the authors said in their company press release. Sourcewire published it on August 23, 2007. This way, the phishing economy completes a cycle with the purchase of goods by paying from stolen credit cards and then sells them through spam mails.

The paper says that while increasing Web users' knowledge about recognizing phishing scams, some advices may be incorrect or not as comprehensive as necessary.

Often well-meant but misleading advice exaggerates a security problem, says Andrew Lee, who is also CRO of ESET. There continues to be abundant confusion about phishing activities and its nature, whereas appropriate user-education could be of great help. Although defending workers against phishing attacks may not be part of 'duty of care' but if companies help in preventing them, it could avoid many complications that follow when an employee encounters defrauding.

ESET advises that even if an e-mail appears genuine, it is not safe to click embedded URLs. If a person has a relationship with an organization, then he/she should use the specified login procedure. If there is need to get in touch over phone, then it would be right to avoid phone numbers that the message may provide. For, like hoax Websites, telephone numbers can also be spoofed.

In the end the white paper, it is said that maintaining ignorance to psychological manipulation and social engineering techniques is the best defense against threats that use them.

Secure Computing, a technology firm, suggested in its recent report that phishers are shifting their attacks to specific targets, instead of releasing numerous scams to attack in bulk.

Related article: Employees Pose Internal Risk in European Businesses

» SPAMfighter News - 9/7/2007