Phishing Could Be a Security Concern for Tysons Corner-Vienna-Alexandria Businesses

As more small and medium-sized businesses make use of online services including email, banking, credit card merchant account management, or the management of their company’s website, the threat of online identity theft or “phishing” may grow into a significant security concern for these businesses. In fact, according to the Anti-Phishing Working Group (APWG), a consortium of more than 1,000 firms, including a majority of the top U.S. banks and ISPs, phishing reports doubled from November of 2004 through November of 2005 from 8975 to 16882. In addition, the use of password stealing software applications used along with email phishing attempts quadrupled from 260 instances in April of 2005 to 1044 in November of 2005.

Furthermore, according to a survey conducted by the FBI with over 2000 organizations, 64 percent suffered a financial loss from computer security incidents over a 12-month period. The average cost per company was more than $24,000, with the total cost reaching $32 million just for those surveyed. In addition, the overall cost to Americans through identity theft reached $52.6 billion in 2004 compared to only $1 billion in telecommunication fraud. The survey also reveals that computer theft and computer-based financial fraud ranks second behind worm, virus and Trojan horse computer threats.

These figures alone may be alarming, there are a number of easy and economical methods for preventing this type of online threat.  While there is no one solution to protect against phishing attempts, businesses should use and keep up-to-date antivirus and spyware protection as well as spam blocking software. In addition, businesses are urged to take great care when receiving email from insurance, credit card companies or banks, as few genuine financial institutions use email to communicate in this manner. Consider outsourcing. While ISPs offer security services for companies, a professional managed services provider can tailor their services specifically for the small and medium-sized business, providing similar levels of IT support previously found only in large companies.

TeamLogic IT of Tysons Corner-McLean-Alexandria is part of a nationwide network of managed services providers offering state-of-the-art computer solutions to small and medium sized organizations throughout the United States. Through consulting services, a comprehensive preventative maintenance called SystemWatch, as well as a wide array of day-to-day service and repair, TeamLogic IT addresses the needs of all levels of IT systems.

What is Phishing?
The term “phishing” comes from the analogy that Internet scammers use email as bait to fish for passwords and financial data from the sea of Internet users. Since hackers have a tendency of replacing "f" with "ph,” the term phishing was derived. The term has also evolved over the years to include not only obtaining user account details but also access to all personal and financial data.

In practice, phishing is a form of Internet fraud that aims to steal valuable information such as credit card or social security numbers, user IDs and passwords. Generally, a fake website is created almost identical to that of a legitimate organization, typically a financial institution such as a bank, credit card or insurance company. An email is sent requesting that the recipient visit the fake website and enter their personal details, including security access codes and account information.

The Threat to Small and Medium-Sized Businesses
In the results from a survey conducted by Trend Micro, a provider of network antivirus and Internet content security software and services, 43 percent of respondents have experienced an email-based phishing threat and half of all U.S. businesses with less than 500 employees have encountered phishing at work. The survey goes on to state that at least one-third of these respondents said they lost personal information, experienced drop-offs in productivity or were victims of identity theft; one-fifth said they also lost company information. Respondents also reported the most increases in phishing attacks were among small-business users.

What Do Phishing Scams Look Like?
Over the last few years, phishing scams have become more sophisticated. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate websites. To make these phishing e-mail messages look even more believable, the scam artists may use legitimate links that appear to go to the actual financial institution’s website, but actually take you to a phony scam site or possibly a pop-up window that looks exactly like the official site. These copycat sites are also called "spoofed" websites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the phishers. They then have the ability to use your information to purchase goods, apply for a new credit card, or otherwise steal your identity.

How to tell if an Email is Fraudulent
The following are just a few phrases to watch for if you think an e-mail message is a phishing scam. Don't forget to trust your instincts. If an e-mail message looks suspicious, that probably means that it is.
•    Verify your account. Businesses should not ask you to send passwords, login names, Social Security numbers or other personal information through e-mail. Be suspicious of a message that asks for personal information even if the request looks legitimate.
•    If you don't respond within 48 hours, your account will be closed. Phishing e-mail may be polite and accommodating in tone, but these messages often convey a sense of urgency so that you'll respond immediately without thinking.
•    Dear valued customer. Phishing e-mail messages are usually sent out in bulk and do not contain your first or last name. Although, it is possible that con artists have this information. Most legitimate companies (but not all) should address you by first and last name.
•    Click the link below to gain access to your account. HTML-formatted messages can contain links or forms that you can fill out just as you might on an actual website. The links that you are urged to click may contain all or part of a real company's name and are usually “masked,” meaning that the link you see does not take you to that address but somewhere different, usually a phony web site. 

For more information, visit http://www.teamlogicit.com/Tysons/ or contact Peter Siler at TysonsCorner@TeamLogicIT.com.