Enterprise Email Fraud Threatens Security of Sensitive Corporate Information | AccountingWEB

At DEMO 2004, Pavni Diwanji, CEO and co-founder of MailFrontier, warned corporate executives and IT directors of a growing threat to enterprise messaging: corporate email fraud. While phisher scams -- a largely consumer-facing problem where fraudsters spoof well-known brands in an attempt to steal personal information -- garner most of the media attention, the untold story is that IT departments are being spoofed as well, compromising the security of entire corporate networks. Highly sensitive information about the company, employees and customers is easily attainable when a fraudster gains access to legitimate employee passwords and network login information.

"E-mail is arguably the centerpiece of corporate business transactions and it has become the most vulnerable of enterprise applications," said Chris Shipley, executive producer of DEMO 2004.

During 2003, the Federal Trade Commission (FTC) received more than a half-million complaints regarding fraud and identity theft, according to a January 2004 FTC report. Internet-related fraud accounted for 55% of all fraud reports, up from 45% in 2002.

"Only the most alert and knowledgeable users can spot the difference between legitimate and fraudulent email," noted Rich Mogull, research director at Gartner. "Addressing the email fraud problem will require a combination of education and technology. Until the structure of the Internet includes needed anti-fraud capabilities, email, messaging security and Web browsing vendors should include anti-fraud functionality in their enterprise and desktop products."

Build a Protection Strategy:

Most enterprises need an integrated plan to defend themselves from email fraud, one that combines the time-proven success of consistent and accurate communication with the technology methodologies of cutting-edge email security, such as domain authentication. Such an approach consists of three essential components:

  • Detect Email Fraud: Identifying email fraud is very different from identifying spam, and it requires filtering methods specifically tuned to identify techniques utilized in fraudulent emails, such as hex-coded URLs.
  • Protect Against Email Fraud: Install a comprehensive email security solution that protects against enterprise email threats, be they fraud, spam or viruses. A solution that integrates fraud, spam, and virus detection in one product provides IT directors with an efficient, easy-to-administer solution.
  • Educate Users: Develop a corporate security policy that includes user awareness as an integral component. The more users know about fraud in the enterprise, the more likely that they will take appropriate action and not compromise the organization.
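One way a filter can flag the hex-coded URLs named in the "Detect Email Fraud" item, as an added example that is not the article's or MailFrontier's code. The sample message, the `example.test` hostnames and the reason labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample message body (not from the article); hosts are placeholders.
SAMPLE_BODY = """\
From: IT Helpdesk
Please confirm your network password at
http://%69%6e%74%72%61%6e%65%74.example.test/reset
or the mirror http://0xC0.0x00.0x02.0x0A/login
or http://3221225994/login
Policy document: https://intranet.example.test/docs/password%20policy.pdf
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
PCT_RE = re.compile(r"%[0-9a-fA-F]{2}")
UNRESERVED_RE = re.compile(r"[A-Za-z0-9._~-]")  # RFC 3986: never needs escaping


def hex_coding_findings(url):
    """Return reason labels for hex-coding in one URL; an empty list means none."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reasons = []
    # Hostnames are not percent-encoded in normal mail, so any escape is a signal.
    if PCT_RE.search(host):
        reasons.append("pct-host")
    # IP address written in hexadecimal labels or as one large integer.
    if any(re.fullmatch(r"0x[0-9a-f]+", label) for label in host.split(".")):
        reasons.append("hex-ip-host")
    elif re.fullmatch(r"[0-9]+", host):
        reasons.append("int-ip-host")
    # Escapes that decode to plain letters or digits hide text; %20 and the like are normal.
    escapes = PCT_RE.findall(parts.path + "?" + parts.query)
    if any(UNRESERVED_RE.fullmatch(chr(int(e[1:], 16))) for e in escapes):
        reasons.append("needless-escape")
    return reasons


def scan(body):
    """Map each flagged URL found in a message body to its reason labels."""
    findings = {}
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,)")  # drop trailing sentence punctuation
        reasons = hex_coding_findings(url)
        if reasons:
            findings[url] = reasons
    return findings


if __name__ == "__main__":
    for url, reasons in scan(SAMPLE_BODY).items():
        print(url, reasons)
```

The ordinary link with `%20` in its path is not flagged, which is the distinction that separates this check from a rule that simply matches `%` in URLs.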

Most people would never think to question an email from their IT department asking them to reset and confirm their network password. Email fraudsters count on this and do not hesitate to exploit that trust in email and the vulnerabilities of this critical business communications tool. Due to the nature of their business, some businesses, such as financial services companies or health insurance providers, may be higher-profile targets for email fraud attacks. However, one thing is clear -- every company is vulnerable to email fraud attacks directly aimed at their secure enterprise environment and the vital information it protects.
