Communication Can Take the Bite Out of Phishing

By Cameron Sturdevant  |  Posted 2004-02-02 Print this article Print

For companies trying to get their message to business partners, customers and prospects, simply complying with CAN-SPAM legislation may not be enough. The reason: Many spammers are going phishing.

For companies trying to get their message to business partners, customers and prospects, simply complying with CAN-SPAM legislation may not be enough. The reason: Many spammers are going phishing. Phishing, the latest spam trend, occurs when e-mail masquerading as a message from a real company directs recipients to a false Web page that looks identical to the real companys Web site. Phishing is a significant step in the transition of spam from nuisance and productivity speed bump to a potentially huge fraud problem.

Phishing messages have already targeted PayPal, an eBay Inc. company; Citigroup Inc.; and FleetBoston Financial Corp., among many others. Finding these messages and stopping them cold is the bread and butter of e-mail spam filters, but any company with a popular brand that uses credit card or financial account information is a potential victim of this kind of identity theft.

eWEEK Labs believes IT managers should take a hint from this new technique and get closer to the marketing department with advice on improving reliable communication with current customers and potential customers. For example, PayPal, Citibank and Fleet have posted messages on their Web sites that outline how these companies communicate with customers. The sites also discuss ways real PayPal or Citibank representatives contact customers to check on account status.

Educating customers and partners about company practices is an important weapon against phishing, but, like spam in general, well be seeing a lot more of these bogus messages before long. The reason is simple: The costs associated with spam are minuscule compared with the payoffs. "The Real Answer to the Spam Problem," a brief published last month by Forrester Research Inc., of Cambridge, Mass., argues that if spammers incurred costs of even $0.0025 cents per unsolicited message sent, most would go out of business.

Although we take issue with the Forrester papers conclusion that everyone should be charged a nominal fee to send e-mail, we agree that the current nature of e-mail means the financial incentive to spoof e-mail from companies such as Citibank is too tempting to be quashed with legislation alone.

2004 is very likely going to be the year when the convergence of spammers and virus writers makes beefing up basic e-mail protocols more important than ever. But dont count on speedy resolution of e-mail protocol security issues, as eWEEK Labs Technical Analyst Michael Caton warns in his Tech Analysis.

Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel