Even though Web filtering defenses are available, there is no bulletproof technological solution to users' obliviousness to phishing—one of the newest and most insidious social-engineering attacks. The best remedy for these diabolical exploits is education. Presented here are four sure signs of a phishing attack on your users, which you should pass along so that they recognize the telltale fingerprints phishing displays when—not if—they encounter it.
How to identify phish
Emails that ask for personal information—such as account numbers, screen names, passwords, or answers to common security questions like mother’s maiden name or place of birth. Legitimate organizations will not ask your users to send sensitive personal data via email.
Urgent action is required or face the consequences—emails that threaten to suspend or close accounts within a short period unless an immediate response is sent with the requested information are most likely phish. Responsible organizations do not threaten their customers.
Lack of personalization and/or professionalism—emails addressed to "Dear Customer," "Accountholder," "Client," or similar catchall salutations are probably fraud attempts. Businesses do not stay in business without knowing who their customers are. Also, misspellings, grammatical errors, and poor or unusual word choice are dead giveaways of phish.
Monetary offers—emails that offer to share lottery winnings or a finder's fee for helping transfer money out of some remote country via a personal checking account are always fraudulent. Better known as the "Nigerian scam" because they so often mention real or fictitious Nigerian financial institutions, these emails started as a common variety of plain-text spam offering to transfer large sums of money if only a checking account number were provided. However, with the power of HTML and sophisticated-looking graphics, these scams have evolved into a much more convincing type of cyber crime.
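The four signs above are simple enough to turn into a first-pass triage heuristic for a mailbox or abuse queue. The following is an added example, not code from the original article: a small Python scorer that parses a raw email, pulls the subject and text/HTML bodies (stripping tags), and flags each of the four indicators with a regular expression. The sample messages, addresses and domains are constructed for the demonstration; the keyword lists and the threshold of two indicators are assumptions you would tune against your own mail.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# One pattern per sign from the article. Keyword lists are illustrative assumptions.
INDICATORS = {
    "requests_personal_info": re.compile(
        r"\b(account\s+number|password|screen\s+name|mother'?s\s+maiden\s+name|"
        r"place\s+of\s+birth|social\s+security|pin)\b", re.IGNORECASE),
    "urgent_threat": re.compile(
        r"\b(within\s+\d+\s+(hours?|days?)|immediately|suspend(ed)?|"
        r"clos(e|ed|ure)|terminat(e|ed|ion)|verify\s+now|act\s+now)\b",
        re.IGNORECASE),
    "generic_salutation": re.compile(
        r"^\s*dear\s+(customer|account\s*holder|client|member|user|valued)\b",
        re.IGNORECASE | re.MULTILINE),
    "monetary_offer": re.compile(
        r"\b(lottery|winnings|finder'?s\s+fee|transfer\s+(of\s+)?(funds|money)|"
        r"million\s+(dollars|usd)|beneficiary)\b", re.IGNORECASE),
}


def extract_text(msg: EmailMessage) -> str:
    """Subject plus every text/plain and text/html part, with HTML tags removed."""
    parts = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ("text/plain", "text/html"):
            payload = part.get_content()
            if ctype == "text/html":
                payload = re.sub(r"<[^>]+>", " ", payload)  # crude tag strip
            parts.append(payload)
    return "\n".join(parts)


def score_message(raw: bytes) -> dict:
    """Return which of the four signs fired and how many did."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    text = extract_text(msg)
    hits = {name: bool(rx.search(text)) for name, rx in INDICATORS.items()}
    return {"hits": hits, "score": sum(hits.values())}


def is_suspicious(raw: bytes, threshold: int = 2) -> bool:
    """Assumed triage rule: two or more signs means a human should look at it."""
    return score_message(raw)["score"] >= threshold


# Constructed sample messages (example domains, no real organizations).
PHISH = b"""From: "Acme Bank Security" <security@acme-bank.example>
To: user@example.com
Subject: URGENT: Your account will be suspended
Content-Type: text/plain; charset=utf-8

Dear Customer,

Unusual activity was detected. Reply within 24 hours with your account
number and password or your account will be suspended.
"""

HTML_SCAM = b"""From: "Prize Department" <claims@prize-office.example>
To: user@example.com
Subject: Congratulations: you have been selected
Content-Type: text/html; charset=utf-8

<html><body><p>Dear Winner,</p>
<p>Your email was selected in our international <b>lottery</b>. To claim your
winnings, send your bank <i>account number</i> so we can transfer funds.</p></body></html>
"""

LEGIT = b"""From: "Acme Bank" <noreply@acme-bank.example>
To: jane.doe@example.com
Subject: Your March statement is available
Content-Type: text/plain; charset=utf-8

Hi Jane,

Your statement for March is now available. Sign in to online banking
from our home page to view it. We never ask for sensitive information by email.
"""

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("HTML_SCAM", HTML_SCAM), ("LEGIT", LEGIT)):
        result = score_message(raw)
        print(label, result["score"], [k for k, v in result["hits"].items() if v])
```

Keyword matching of this kind is a triage aid for the people who read the abuse queue, not a filter: a legitimate statement notice that happens to say "password" will score one point, which is why the rule asks for two signs before escalating, and the HTML sample shows why tags must be stripped before matching, since a phrase split across `<b>` or `<i>` elements would otherwise be missed.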
What to do next: Report phishing attacks
Once your organization has discovered it is the target of a phishing attack and you have alerted your users, the next step is to report the attack to the proper authorities. In many cases, such as phishing sites impersonating banks or e-commerce companies, the impersonated company has a dedicated phishing/spoof reporting address, for example Wells Fargo (reportphish@wellsfargo.com) or PayPal (spoof@paypal.com). Check the specific company's Web site for its phish/spoof address. The general abuse@ email address is also an appropriate reporting channel for many companies.
For phishing attacks impersonating an entire brand of credit card but not a specific financial institution, the following contacts are useful for reporting purposes:
In addition, there are more general anti-phishing organizations that will take your phishing reports and add them to their databases, both to alert other potential victims and to track and take down the fraudulent sites. Without altering the subject line, submit the entire phishing email, including headers, to the following:
- Anti-Phishing Working Group
- Better Business Bureau
- Call for Action, Inc.
- Phishing Incident Reporting and Termination Squad
- United States Computer Emergency Readiness Team
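Reporting organizations ask for the whole message with its headers and the subject line untouched because the Received, Return-Path and Message-ID headers are what lets them trace the sending infrastructure, and an ordinary inline forward discards them. The following added example, which is not code from the article or from any of the organizations listed, shows one way to package a report with Python's standard email library: the suspect message is attached in full as a message/rfc822 part and the report reuses its subject verbatim. The sample message, addresses and the report recipient are constructed placeholders.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed sample: a suspected phish carrying the routing headers a
# reporter needs to preserve. All addresses, hosts and IDs are made up.
SAMPLE_PHISH = b"""Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [192.0.2.10])
    by mx.example.com with ESMTP id s1AbC
Message-ID: <20060301.12345@mailer.example.net>
From: "Acme Bank Security" <security@acme-bank.example>
To: user@example.com
Subject: URGENT: Your account will be suspended
Content-Type: text/plain; charset=utf-8

Dear Customer, reply with your password within 24 hours.
"""

TRACE_HEADERS = ("Return-Path", "Received", "Message-ID", "From", "Subject")


def build_phish_report(raw_original: bytes, report_to: str, reporter: str) -> EmailMessage:
    """Wrap the original email, headers intact, as a message/rfc822 attachment.

    The report's Subject is copied from the original without modification,
    as the reporting organizations request.
    """
    original = email.message_from_bytes(raw_original, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = report_to
    report["Subject"] = str(original["Subject"])
    report.set_content(
        "Suspected phishing email attached in full so that its original "
        "Received, Return-Path and Message-ID headers are preserved."
    )
    # Attaching a Message object yields a message/rfc822 part that carries the
    # complete original, which inline forwarding would not.
    report.add_attachment(original)
    return report


def extract_attached_original(report_bytes: bytes) -> EmailMessage:
    """Parse a serialized report and return the embedded original message."""
    report = email.message_from_bytes(report_bytes, policy=policy.default)
    for part in report.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    raise ValueError("no message/rfc822 attachment found")


def headers_preserved(raw_original: bytes, report_bytes: bytes,
                      names=TRACE_HEADERS) -> bool:
    """True if every trace header survives the round trip through the report."""
    original = email.message_from_bytes(raw_original, policy=policy.default)
    inner = extract_attached_original(report_bytes)
    return all(str(inner.get(n)) == str(original.get(n)) for n in names)


if __name__ == "__main__":
    # Placeholder recipient; substitute the impersonated company's real
    # phish/spoof address before sending.
    report = build_phish_report(SAMPLE_PHISH, "reportphish@bank.example", "analyst@example.com")
    print(report.as_string())
    print("headers preserved:", headers_preserved(SAMPLE_PHISH, report.as_bytes()))
```

The `headers_preserved` check is the part worth keeping in a helpdesk script: run it before the report goes out, because a mail client or gateway that rewrites the attachment into an inline forward will silently drop exactly the headers the recipient needs.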
To check to see if your attack has been previously reported, the following Web sites offer current and archival records of many phishing sites, as well as other anti-phishing resources:
From another perspective, an equally important action you can take is to prevent your network from becoming an unwitting participant in phishing attacks, as happened in a phishing attack on a Russian bank in early 2006. In that case, cyber criminals were able to set up a phish site on the bank's own computer. There are steps you can take to mitigate this kind of damage to your enterprise. Check Point's Web Intelligence, an optional component for VPN-1 Power and VPN-1 UTM, can protect a company's Web servers against common phishing techniques such as cross-site scripting and reduce the company's liability for inadvertently taking part in a phishing attack.