IT Observer - Employees Fall for the Phish

Advertise
Contact
SecurityWatch

GFI MailArchiver for Exchange - Easily archive Exchange Server mail & comply with Sarbanes Oxley - Free evaluation available.

Network Security Software - Sponsored by GFI Network Security.

Nortel: Get a free VoIP non-obligation assessment

Employees Fall for the Phish
Author: IT-Observer Staff
Wednesday, 18 May 2005, 17:58 GMT

IT decision-makers who work for organizations with at least 100 employees were surveyed on phishing and IT security in the workplace. The survey revealed that employees fallen for the phish in nearly half of the businesses and the majority of businesses are not protected from phishing attacks.

The Phishing Trends Survey, conducted by WebSense, shows that 33 percent of employees said that they have heard of phishing, 4 percent of employees admitted that they had fallen for a phish, 82 percent of IT decision-makers stated that their workers have received phishing attacks via email or instant messaging, 45 percent of IT decision-makers who had employees receive a phishing attack said that their employees did click through the URL because it was hard to identify phishing sites.

The survey highlighted the difficulty in deciphering whether a website accessed via a link in an email is legitimate or a fraudulent web-site. Not surprisingly, half of the IT decision-makers surveyed do not believe that employees can accurately identify phishing sites.

“Phishers are becoming more sophisticated in their deception techniques to lure employees to spoofed websites, as most employees cannot determine which is a valid site and which is a fake,” said Dan Hubbard, senior director of security and technology research, and head of Websense Security Labs, at Websense, Inc.

The survey has emphasized the security threat of phishing attacks – 32 percent of IT decision-makers reported that phishing attacks have caused security problems for their business and the majority of IT decision-makers do not feel their company is well protected from internet security threats.

“Although the Websense survey shows that only four percent of employees admit to clicking on phishing URLs, this is actually a high number in the security community,” says Brian Burke, research manager for security products at IDC.

“It only takes one employee to click on a phishing site and accidentally give out confidential corporate data, customer records, network passwords, or trade secrets, to jeopardize an entire organizations’ intellectual property.”

Monday, May 23, 2005

Network Security

·	Hackers get tricky with pharming
·	Hiring a hacker? Think again, experts warn
·	Why security vulnerabilities expand beyond operating system, enterprise
·	How Dangerous Was The Cisco Code Theft?

Wireless Security

·	picoChip, Hifn unveil WiMAX basestation reference
·	Why wireless devices must be connected to critical applications
·	Securing 'strange' Wi-Fi devices
·	IT giants fight wireless patent

InfoSec Directory

·	Phishing attacks and countermeasures
·	Overview of image security techniques with applications in multimedia systems
·	Inoculating SSH Against Address-Harvesting Worms
·	What is the point of encryption if you don’t know who for?

Press Releases

·	nCipher helps combat phishing attacks with Chip and PIN
·	LANDesk Named to 2005 Red Herring Top 100
·	HP Simplifies Business Protection for Small and Mid-size Businesses with New Smart Office Program
·	Clifford Chance appoints Redbus Interhouse to Provide Pan-European Services

:: ::