Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

8/17/2011
01:57 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Survey Says Consumers Taking The Bait In Phishing Scams

Even respondents aware of the idea of phishing often engage in dangerous online activities, according to ProtectMyID

Irvine, Calif., Aug. 16, 2011 Whether in the form of fraudulent emails, falsified websites or deceptive text messages, cybercriminals are casting a wider phishing net in the hopes of obtaining personal information from unsuspecting consumers. Experians ProtectMyID', a leading, full-service provider of identity theft detection, protection and fraud resolution, recently commissioned a survey to understand the implications of cybercriminals phishing expeditions. The findings indicate many consumers are being hooked.[1]

Phishing is essentially an attempt by cybercriminals and identity thieves to obtain sensitive information by masquerading as a legitimate and trustworthy source, said Jennifer Leuer, senior vice president of Experian Consumer Direct, which owns ProtectMyID. While many Americans understand the risks, the survey revealed they are unknowingly putting themselves in jeopardy of identity theft.

Masked as legitimate companies or government entities, cybercriminals often use scare tactics to lure people into providing personal information such as financial account numbers, Social Security numbers, birth dates or other private data to thieves. According to survey results, 22 percent of respondents would readily supply their personal information requested in an email from one or more of the following sources: bank, credit union, charitable cause, credit card company or national/state government agency.

Other findings indicate that while many consumers assume they are taking the appropriate measures to protect themselves, they are in fact falling into carefully designed phishing traps. For instance, 32 percent of respondents would click on the website addresses in an email to verify the source. What they dont know, however, is that they are more than likely being led to a fraudulent site set up to trick them into providing personal information.

To help consumers avoid being hooked by phishing traps this summer, Experians ProtectMyID offers the following tips:

Do:

Use strong spam filters to minimize the amount of unwanted and unsolicited emails you receive. Thieves count on you being bombarded with too many emails and being too distracted to notice anything being phishy.

Use a trusted URL checker to confirm the legitimacy of any new Website you see in an email or wish to visit.

Make sure you are at the Website you really want and that you have a secure connection for any financial dealings. Look for the https, security certificate and yellow padlock when providing personal information to a Website.

Update firewall, antispyware programs and operating system patches. These are necessary to block access to your computer from the Internet and to protect against known exploits used by hackers. If you dont update frequently, you become vulnerable very quickly.

Check emails for misspellings, poor grammar and/or odd phrases.

Dont:

Respond or reply to emails asking to confirm any type of personal or financial information.

Click on any links contained in these types of emails. More than likely, they will lead to a fraudulent site set up to fool you into providing personal information, or they may install a virus or Trojan to steal your information.

ProtectMyID provides members with multiple layers of defense against identity theft, such as Surveillance Alerts; scanning the Internet daily for potentially fraudulent use of members personal information; access to a dedicated Identity Theft Resolution Agent should the need arise; and notification if a change of address action is initiated, a common practice among identity thieves.

About Experians ProtectMyID

ProtectMyID is a leading, full-service provider of identity theft detection, protection and fraud resolution. ProtectMyID offers comprehensive identity theft protection products supported by experienced identity theft resolution professionals who deliver personal attention that customers can rely on. ProtectMyID.com is a Website owned by ConsumerInfo.com, Inc., an Experian company. For more information about how ProtectMyID helps consumers protect themselves against identity theft, please visit http://www.ProtectMyID.com.

About Experian

Experian' is the leading global information services company, providing data and analytical tools to clients in more than 80 countries. The company helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended 31 March 2011 was US$4.2 billion. Experian employs approximately 15,000 people in 41 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and So Paulo, Brazil.

For more information, visit http://www.experianplc.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4095
PUBLISHED: 2019-12-10
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.
CVE-2019-4244
PUBLISHED: 2019-12-10
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518.
CVE-2019-4521
PUBLISHED: 2019-12-10
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.
CVE-2019-4663
PUBLISHED: 2019-12-10
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245...
CVE-2019-19251
PUBLISHED: 2019-12-10
The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.