Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

8/17/2011
01:57 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Survey Says Consumers Taking The Bait In Phishing Scams

Even respondents aware of the idea of phishing often engage in dangerous online activities, according to ProtectMyID

Irvine, Calif., Aug. 16, 2011 Whether in the form of fraudulent emails, falsified websites or deceptive text messages, cybercriminals are casting a wider phishing net in the hopes of obtaining personal information from unsuspecting consumers. Experians ProtectMyID', a leading, full-service provider of identity theft detection, protection and fraud resolution, recently commissioned a survey to understand the implications of cybercriminals phishing expeditions. The findings indicate many consumers are being hooked.[1]

Phishing is essentially an attempt by cybercriminals and identity thieves to obtain sensitive information by masquerading as a legitimate and trustworthy source, said Jennifer Leuer, senior vice president of Experian Consumer Direct, which owns ProtectMyID. While many Americans understand the risks, the survey revealed they are unknowingly putting themselves in jeopardy of identity theft.

Masked as legitimate companies or government entities, cybercriminals often use scare tactics to lure people into providing personal information such as financial account numbers, Social Security numbers, birth dates or other private data to thieves. According to survey results, 22 percent of respondents would readily supply their personal information requested in an email from one or more of the following sources: bank, credit union, charitable cause, credit card company or national/state government agency.

Other findings indicate that while many consumers assume they are taking the appropriate measures to protect themselves, they are in fact falling into carefully designed phishing traps. For instance, 32 percent of respondents would click on the website addresses in an email to verify the source. What they dont know, however, is that they are more than likely being led to a fraudulent site set up to trick them into providing personal information.

To help consumers avoid being hooked by phishing traps this summer, Experians ProtectMyID offers the following tips:

Do:

Use strong spam filters to minimize the amount of unwanted and unsolicited emails you receive. Thieves count on you being bombarded with too many emails and being too distracted to notice anything being phishy.

Use a trusted URL checker to confirm the legitimacy of any new Website you see in an email or wish to visit.

Make sure you are at the Website you really want and that you have a secure connection for any financial dealings. Look for the https, security certificate and yellow padlock when providing personal information to a Website.

Update firewall, antispyware programs and operating system patches. These are necessary to block access to your computer from the Internet and to protect against known exploits used by hackers. If you dont update frequently, you become vulnerable very quickly.

Check emails for misspellings, poor grammar and/or odd phrases.

Dont:

Respond or reply to emails asking to confirm any type of personal or financial information.

Click on any links contained in these types of emails. More than likely, they will lead to a fraudulent site set up to fool you into providing personal information, or they may install a virus or Trojan to steal your information.

ProtectMyID provides members with multiple layers of defense against identity theft, such as Surveillance Alerts; scanning the Internet daily for potentially fraudulent use of members personal information; access to a dedicated Identity Theft Resolution Agent should the need arise; and notification if a change of address action is initiated, a common practice among identity thieves.

About Experians ProtectMyID

ProtectMyID is a leading, full-service provider of identity theft detection, protection and fraud resolution. ProtectMyID offers comprehensive identity theft protection products supported by experienced identity theft resolution professionals who deliver personal attention that customers can rely on. ProtectMyID.com is a Website owned by ConsumerInfo.com, Inc., an Experian company. For more information about how ProtectMyID helps consumers protect themselves against identity theft, please visit http://www.ProtectMyID.com.

About Experian

Experian' is the leading global information services company, providing data and analytical tools to clients in more than 80 countries. The company helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended 31 March 2011 was US$4.2 billion. Experian employs approximately 15,000 people in 41 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and So Paulo, Brazil.

For more information, visit http://www.experianplc.com.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "The security team seem to be taking SiegeWare seriously" 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1114
PUBLISHED: 2019-12-05
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.
CVE-2012-1115
PUBLISHED: 2019-12-05
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
CVE-2012-1592
PUBLISHED: 2019-12-05
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
CVE-2019-16770
PUBLISHED: 2019-12-05
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.
CVE-2019-19609
PUBLISHED: 2019-12-05
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.