Phishers Try To Reel In Small Businesses

Online phishing scams come in various flavors. Yet the basic MO is to steal a well-recognized brand such as eBay or Citibank and attach the logo to an E-mail with an innocent-sounding subject line such as, "Account activation required." The victim is then transported to a phony Web site where personal data is taken down and used to commit fraud.

Phishing is by no means the only online threat faced by small-business owners. Identity theft costs U.S. businesses and consumers $50 billion to $60 billion a year, according to the Federal Trade Commission. Banking activity accounts for 56% of reported incidents.

Last month, a Miami businessman sued Bank of America to recover $90,000 that he claims was stolen and diverted to a bank in Latvia after his computer was infected by a Trojan horse computer virus. His PC was found to be infected by coreflood, which logs victims' keystrokes through a back door installed on their computers. The lawsuit claims that Bank of America was negligent in not alerting him to the existence of the virus.

Online thieves are becoming more sophisticated in their techniques. During January, the Anti-Phishing Working Group reported "significant gains" in attackers using malicious code to gain access to end-user keystrokes. Password-stealing Trojans aren't just coming through E-mail, the group says in a report on its Web site. "We have seen multiple attacks through Microsoft Messenger, where Trojan horses and password-stealing keyloggers are run."

The Bropia worm had five variants in January alone. Also common are blended attacks that use combinations of E-mail, instant messaging, and Web sites to gain access to confidential information. Three-quarters of 568 small-business owners recently surveyed by Forrester Research say they're concerned about phishing.

Should financial institutions be held financially liable for phishing vulnerabilities associated with their names? Share your thoughts with us.

Steven Marlin,
Associate Editor
[email protected]

Financial Misdeeds
Have you or has anyone you know received fraudulent E-mail that appeared to come from a financial provider?

The recent spate of identity thefts has heightened public concern about the safety of personal information. Phishing has caused alarm, too. A quarter of small-business owners interviewed by Forrester Research say they've either received fraudulent E-mails from financial providers or know someone who has.

Business As Usual
Concern about phishing has prevented you from enrolling in online banking or bill payment.

Potential bank fraud might be a small-business concern, yet few owners have changed their online banking habits because of the possibility

of being swindled, according to the Forrester study. The convenience of conducting electronic banking or bill paying is too great. More than half the companies surveyed say phishing has had no dramatic effect on their use of online banking or bill-payment services.

Little Reluctance
Concern about phishing has prevented you from applying online for a financial product.

Phishing concerns aren't preventing small-business owners from applying online for financial products either. This, despite the fact that phony Web sites that capture personal data are the favored method of phishers or that online applications generally require information that any phisher would be happy to have. Phishing has had no effect on applying online for financial products for eight in 10 small-business owners surveyed.

Unanswered Messages
Because of phishing, you no longer open E-mail messages that say they're from your financial provider.

Knowing whether an E-mail message is authentic is impossible. The best recommendation: Check with the source before responding electronically. The potential for a phishing message to be read is great. Among the business owners surveyed by Forrester Research, only 17% say they no longer open electronic messages from their financial providers. The rest will at least read an E-mail message if received.