Enterprise Email Fraud Threatens Security of Sensitive Corporate Information

At DEMO 2004, Pavni Diwanji, CEO and co-founder of MailFrontier, warned corporate executives and IT directors of a growing threat to enterprise messaging: corporate email fraud. While phisher scams -- a largely consumer-facing problem where fraudsters spoof well-known brands in an attempt to steal personal information -- garner most of the media attention, the untold story is that IT departments are being spoofed as well, compromising the security of entire corporate networks. Highly sensitive information about the company, employees and customers is easily attainable when a fraudster gains access to legitimate employee passwords and network login information.

"E-mail is arguably the centerpiece of corporate business transactions and it has become the most vulnerable of enterprise applications," said Chris Shipley, executive producer of DEMO 2004.

During 2003, the Federal Trade Commission (FTC) received more than a half-million complaints regarding fraud and identity theft, according to a January 2004 FTC report. Internet-related fraud accounted for 55% of all fraud reports, up from 45% in 2002.

"Only the most alert and knowledgeable users can spot the difference between legitimate and fraudulent email," noted Rich Mogull, research director at Gartner. "Addressing the email fraud problem will require a combination of education and technology. Until the structure of the Internet includes needed anti-fraud capabilities, email, messaging security and Web browsing vendors should include anti-fraud functionality in their enterprise and desktop products."

Build a Protection Strategy:

Most enterprises need an integrated plan to defend themselves from email fraud, one that combines the time-proven success of consistent and accurate communication with the technology methodologies of cutting-edge email security, such as domain authentication. Such an approach consists of three essential components:

  • Detect Email Fraud: Identifying email fraud is very different from identifying spam, and it requires filtering methods specifically tuned to identify techniques utilized in fraudulent emails, such as hex-coded URLs.
  • Protect Against Email Fraud: Install a comprehensive email security solution that protects against enterprise email threats, be they fraud, spam or viruses. A solution that integrates fraud, spam, and virus detection in one product provides IT directors with an efficient, easy-to-administer solution.
  • Educate Users: Develop a corporate security policy that includes user awareness as an integral component. The more users know about fraud in the enterprise, the more likely that they will take appropriate action and not compromise the organization.
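
As an added illustration of the detection component (not code from MailFrontier or from the original article), the sketch below flags hex-coded URLs in a message body. It assumes "hex-coded" means `%XX` escapes in the host, `0x`-style numeric hosts, or escaped letters and digits in the path; the function names, sample message and hosts are constructed for the example.

```python
import re
import string
from urllib.parse import urlsplit

# Assumption: "hex-coded" covers %XX escapes and 0x-style numeric hosts.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
PCT_RE = re.compile(r"%([0-9A-Fa-f]{2})")
HEX_HOST_RE = re.compile(r"0x[0-9a-f]+(\.0x[0-9a-f]+){0,3}")
ALNUM = set(string.ascii_letters + string.digits)


def hex_findings(url):
    """Return the reasons a URL looks hex-obfuscated (empty list if none)."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # lowercased, without userinfo or port
    reasons = []
    if PCT_RE.search(host):
        reasons.append("percent-encoded host")
    if HEX_HOST_RE.fullmatch(host):
        reasons.append("hexadecimal IP host")
    # Letters and digits never need escaping, so escaping them in the path
    # only serves to hide readable text. %20 and similar are left alone.
    if any(chr(int(m.group(1), 16)) in ALNUM for m in PCT_RE.finditer(parts.path)):
        reasons.append("escaped alphanumerics in path")
    return reasons


def scan_message(body):
    """Map each flagged URL found in a message body to its findings."""
    flagged = {}
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;)")  # drop sentence punctuation glued to the URL
        reasons = hex_findings(url)
        if reasons:
            flagged[url] = reasons
    return flagged


# Constructed sample message (example.test / 192.0.2.1 are reserved for documentation).
SAMPLE = """From: IT Helpdesk <helpdesk@corp.example>
Subject: Password reset required

Confirm your network password at
http://%69%6e%74%72%61%6e%65%74.example.test/reset
or the backup page http://0xc0000201/%6c%6f%67%69%6e.
The policy is at https://intranet.corp.example/docs/password%20policy.pdf
"""

if __name__ == "__main__":
    for url, reasons in scan_message(SAMPLE).items():
        print(url, "->", ", ".join(reasons))
```

The third URL in the sample is not flagged, because an escaped space is ordinary encoding rather than concealment.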

Most people would never think to question an email from their IT department asking them to reset and confirm their network password. Email fraudsters count on this and do not hesitate to exploit that trust in email and the vulnerabilities of this critical business communications tool. Due to the nature of their business, some businesses, such as financial services companies or health insurance providers, may be higher-profile targets for email fraud attacks. However, one thing is clear -- every company is vulnerable to email fraud attacks directly aimed at their secure enterprise environment and the vital information it protects.
