Phishing — the practice of lulling users into giving up their passwords and whatnot — is not just aimed at the public. Corporations are also falling victim.
According to MailFrontier, a company that provides ‘messaging security’, says that ”while phisher scams — a largely consumer-facing problem where fraudsters spoof well-known brands in an attempt to steal personal information — garner most of the media attention, the untold story is that IT departments are being spoofed as well, compromising the security of entire corporate networks. Highly-sensitive information about the company, employees and customers, is easily attainable when a fraudster gains access to legitimate employee passwords and network login information.”
MailFrontier cites as an example of this a large media company, where new hires received an email written in the official corporate format asking them to re-authenticate their SecurID cards by providing serial numbers corporate usernames, and PINs. The request appeared to come from the IT department, and several new employees provided the information. The emails, MailFrontier says, were fraudulent and as a result, the enterprise’s network was compromised, exposing secure corporate assets and employees’ personal information.
MailFrontier, of course, has a solution: its new MailFrontier Enterprise Gateway 3.and MailFrontier Desktop 4.0, “the only such products on the market that actively protect email users from this dangerous threat”. But that doesn’t mean it’s not a real problem. I just haven’t heard much about it. I guess that’s because companies don’t like to broadcast such breaches, not only because it’s bad PR but because, presumably, the most likely culprits would have to be someone in the same business.