Beyond Phishing, There’s Corporate Spoofing
Phishing — the practice of lulling users into giving up their passwords and whatnot — is not just aimed at the public. Corporations are also falling victim.
According to MailFrontier, a company that provides ‘messaging security’, says that ”while phisher scams — a largely consumer-facing problem where fraudsters spoof well-known brands in an attempt to steal personal information — garner most of the media attention, the untold story is that IT departments are being spoofed as well, compromising the security of entire corporate networks. Highly-sensitive information about the company, employees and customers, is easily attainable when a fraudster gains access to legitimate employee passwords and network login information.”
MailFrontier cites as an example of this a large media company, where new hires received an email written in the official corporate format asking them to re-authenticate their SecurID cards by providing serial numbers corporate usernames, and PINs. The request appeared to come from the IT department, and several new employees provided the information. The emails, MailFrontier says, were fraudulent and as a result, the enterprise’s network was compromised, exposing secure corporate assets and employees’ personal information.
MailFrontier, of course, has a solution: its new MailFrontier Enterprise Gateway 3.and MailFrontier Desktop 4.0, “the only such products on the market that actively protect email users from this dangerous threat”. But that doesn’t mean it’s not a real problem. I just haven’t heard much about it. I guess that’s because companies don’t like to broadcast such breaches, not only because it’s bad PR but because, presumably, the most likely culprits would have to be someone in the same business.
- Click to share on Twitter (Opens in new window)
- Click to share on Facebook (Opens in new window)
- Click to share on Google+ (Opens in new window)
- Click to share on Pocket (Opens in new window)
- Click to share on Pinterest (Opens in new window)
- Click to share on Telegram (Opens in new window)
- Click to share on Tumblr (Opens in new window)
- Click to share on Reddit (Opens in new window)
- Click to print (Opens in new window)
- Click to email this to a friend (Opens in new window)
- Click to share on WhatsApp (Opens in new window)
- Share on Skype (Opens in new window)
17. February 2004 by jeremy
Categories: Scams | Tags: corporate networks, Crime, large media, MailFrontier Enterprise Gateway 3, MailFrontier Inc, media attention, official corporate format, Password, phishing, SecurID, Security, social engineering | Comments Off on Beyond Phishing, There’s Corporate Spoofing