Festive Season draws an influx of phishermen!

Online fraud and cyber crime seems to be escalating as the Festive Season draws nearer. It seems that almost every day we’re receiving reports from our customers and the public about suspected fraudulent sites. Many of these turn out to be criminal activities that have to be reported to the authorities.

A recent article, “Cameroon’s Cybercrime Boom” by Andy Greenberg, Forbes.com (2 Dec 2009), shows how a study of 27 million Web sites in Cameroon determined that more than HALF were engaged in “shady” activities.

Other country statistics were as follows:
China – one in three sites
Philipines – one in four sites
Hong Kong – one in five sites
.com domains – one in 15 sites

Many of these illegitimate sites were on registered domains that mimicked the true site domain name (with a small error included). This means that if the Internet user is looking for a legitimate site but accidentally types the wrong address; they may end up on the criminal site where they become unsuspecting victims to identity theft, malicious software, threat ware and other Internet nasties.

  – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Solve Five Key IT Security Challenges with Cloud-Based Authentication
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

The danger is not only to consumers who shop online but also to merchants wishing to sell their products online during this time. In some instances, the consumer is convinced that they are dealing with the legitimate company and their poor experience becomes a reflection on that business.

The best approach to combat this is to speak to your customers. For example: A large bank in South Africa recently redesigned their home page. They knew that some visitors to the site my suspect that they have landed on a phishing site and not the true banking site, so the bank decided to speak to their customers.

As soon as you open the site, you receive a little pop-up message to confirm that:

  1. This is the legitimate site and that a few design changes were made.
  2. This site has a valid SSL Certificate which can offer encryption and safe communications.
  3. The SSL Certificate can be checked by clicking on the padlock or trust mark.
  4. The Certificate is EV, which means that the browser address bar will show up as green.

Another local example was where a phishing site falsely led the public to believe that they were on the site of our fixed line telephone operator. They tried to sell airtime and equipment online. The design was excellent; they used the same look and feel, logo’s etc of the true site. While the authorities were investigating this situation, the legitimate operator immediately responded via the media and on their website to confirm that they are NOT the same organization and warned customers NOT to use their service.

Being pro-active to combat cyber crime and to maintain the trust that you have already established with your customers means that you have to be aware of any suspicious sites that may be impersonating your business.

A great source for this information (and to report fraudulent sites) is www.phishtank.com. Another great way to help your customers to understand how to identify phishing sites would be to point them to www.phishornophish.com (this site is available in multiple languages).

If consumers and merchants act with caution this festive season, the phishermen may be the only ones receiving any nasty surprises!

Bronwyn Johnson

About Bronwyn Johnson

Bronwyn Johnson is an author and freelance technology journalist. Passionate about technology and gadgets, Bronwyn has been involved with IT sales and marketing for over 15 years. She is currently working for VeriSign as a Product Marketing Manager based in Cape Town, South Africa.

, , ,

No comments yet.

Leave a Reply