@Marp wrote:
@Spurt wrote:
I hope Amazon is seriously working on stopping these false phising emails impersonating them, Amazon's "remedy of just posting a warning to customers on their website isn't enough .....perhaps they need to do this before they work on expanding their Amazon business further.....and perhaps they are getting a bit too big for their britches I think ............
What would you suggest Amazon do about a problem that does not originate from their servers? The majority of the scam and phishing emails originate from overseas just like spam phone calls. By the time one solution is found the scammers have moved on to a new method.
The problem is not exclusive to Amazon. I get scam emails from banks, retailers, brokerages, organizations, schools, etc. and while I take the time to forward the emails to their security/phishing department when I can find an address I don't delude myself into thinking the entity can do anything to stop the scamming.
@Marp @JaneMarple
http://searchsecurity.techtarget.com/tip/Hooked-Phishing-is-luring-more-and-more-of-your-customers
https://digitalguardian.com/blog/phishing-attack-prevention-how-identify-avoid-phishing-scams
Other retailers have found ways to stop these scams....why cant big mighty Amazon do it.........they are involved in the tech world developing new tech gadgets so certainly they have the resources they can develop to put preventive things in place like banks, paypal, and others have done to stop this phising of their name..........I personally witnessed a stoppage, a bank had the same issue with phising shut down rather quickly.......it CAN be done! It's Amazon ..... one of their vendors was advertising named braned items but sending out cheap non-named brand knockoffs---and they used the named brand product in their description and photo, and when I reported the vendor Amazon did NOTHING! And also had a credit card hacked when purchasing merchandise from Amazon directly --- I have not shopped with them since! Amazon has security issues......I suggest customers be deligent and check their statements carefully, update security software, and change password frequently!
Fighting Back
Early warnings are good, but service providers have no control over how customers respond to spoofed emails. Since phishing scams target customers at their homes and workplaces, it's critical to have a clear policy governing the solicitation of personal information. Many companies warn customers that they will never solicit authentication information through email.
Make sure everyone in your organization is on the same policy page; imagine the damage if one of your divisions solicits personal information after your customers have been warned to watch out for it.
Consider these additional steps:
- Be proactive on your Web site. eBay and Earthlink provide customers with specialized toolbars that alert them when entering a suspected phishing Web site and direct them to a Web page with information about online scams. PayPal provides a link to its security site, which tells customers how to spot fraudulent e-mails.
- Monitor DNS registrations closely and subscribe to services, such as Netcraft, that alert you when someone registers a domain that matches certain criteria indicating a spoofed Web site.
- Move quickly to take down hijacked Web sites by alerting the host organization--often an ISP or university--that one or more of its servers has been compromised. You may have to call law enforcement if the organization refuses or is slow to respond. While domestic hosting services often cooperate, the task is more difficult when dealing with offshore ISPs not governed by U.S. law.
- Consider the use of digital signatures. Several products, including ZixCorp's ZixVPM and PostX's Trusted E-Business, provide secure e-mail services, and Tumble-weed's E-mail Firewall digitally signs outgoing mail based on policy. Digital signatures are entirely under the control of the sender and will serve the needs of high-end, technology-savvy customers. The education of uninitiated users is far more challenging, making this approach less practical for larger implementations.
- Don't depend on SSL certificates. That reassuring padlock symbol at the bottom of your browser window simply means there's an SSL connection; it doesn't confirm the identity of the connected server. The hitch is that IE allows plaintext certificates that can easily be used to forge the site identity.
- Make your organization an unattractive target. "Banks need to build a reputation in the fraudster community--'Don't mess with me,'" says Cyota's Bennett. "Be very aggressive in legal ways and take the counter-offensive."
n January, Cyota launched Cyota FraudAction, a modular suite of services that combats phishing attacks. At the core of FraudAction is Cyota's antifraud command center, which detects potential phishing attacks by analyzing data pulled in by various probes, decoys and several of Cyota's partners.
Cyota's analysts create damage assessment reports based on parameters such as the number of hits, quality of the e-mail and type of information the attacker is trying to obtain. This gives Cyota's clients an early warning so they can shut down the phisher's site and alert their customers and provides forensics data to aid in possible prosecution.
In May, MarkMonitor, an Internet brand protection and corporate domain registration specialist, announced Fraud Protection, which uses distributed honeypots and sophisticated baiting techniques to draw in and identify potential attacks. The firm monitors chat rooms, newsgroups and domain registries, processing the data through its correlation engines to determine potential threats.
MarkMonitor gathers data to help customers shut down attackers. It also provides evidence should the customers decide to prosecute.
Cyveillance, an online risk monitoring and management services provider, gives early attack warnings through its Cyveillance Intelligence Center Technology, which monitors hundreds of thousands of junk e-mails daily and cases the Web for potential attack intelligence.
Brightmail offers email security products and services, including Brightmail Anti-Fraud, which leverages Brightmail's Probe Network, consisting of more than 2 million decoy email accounts and antispam technology to detect spoofing attempts characteristic of phishing attacks. If fraud is detected, Brightmail creates rules to block subsequent spoofed e-mails from reaching customer accounts.
Numerous other vendors--such as Tumbleweed Communications, CipherTrust and NetIntelligence--feature antispam and email filtering products and services and are good sources of phishing intelligence.
Tumbleweed founded the Anti-Phishing Working Group last fall. Membership is open to financial institutions, online retailers, law enforcement organizations and vendors.
Growing Stakes
If you still don't think phishing is a problem, consider what's at risk:
The Gartner study estimates that 30 million Americans have received a phishing attack, and about 3% (1.78 million) submitted personal and/or financial information. This percentage is likely many times greater than the response to typical spam messages and more than enough to assure phishers a high return on a minimal investment. Other sources say the response rate is as high as 5 percent.
There isn't enough evidence to accurately estimate how much money phishers net, but Gartner estimates the direct cost to companies was $1.2 billion in 2003, and, given the dramatic increase in attacks this year, it's easy to foresee growing losses.
In addition to direct losses, add downtime in the face of concerted attacks, the cost of issuing new credentials to customers who have been compromised, the security spending and potential liability, and you have the potential for a serious problem.
And, it's hard to put a dollar value on trust.
"Losses are high," says Mark Shull, president and CEO of MarkMonitor, "but the growing concern is having consumers reluctant to do business online."
Animals are reliable, full of love, true in their affections, grateful. Difficult standards for people to live up to.”
Blogs & Forums
Forums
Blogs
