Marshal Content Security Issues : Phishing

Marshal - Content Security Issues

Phishing

Phishing is the practice of tricking unsuspecting customers of a business into imparting their confidential information for illegal use. There is a strong social engineering factor in the success of phishing attacks. Phishing typically involves sending a false email to a customer, claiming to be from a legitimate business that the customer has had prior dealings with. The email entices the customer into surrendering private information that will be used for identity theft. The phish email directs the user to visit a fraudulent web site that mimics the look of the legitimate business the customer normally deals with. On the fraudulent site, they are asked to update their personal information (such as passwords, credit card, social security, and bank account numbers).

A Growing Threat

According to a study by Gartner, 57 million Internet users in the US have received a phishing email, and 1.7 million of these have fallen victims to the scam.

With the increased use of e-commerce, phishing exploits are expected to increase sharply. Phishing attacks cause damage in two ways:

they have the potential to inflict severe monetary and data loss due to fraudulent use of the harvested information
phishing undermines consumer confidence in online commerce

A Lucrative Enterprise

The boom in online financial transactions has made phishing a lucrative method of attack for scammers. The risk-to-reward ratio for phishing attacks is very favorable for the attacker. The cost and ease of sending emails and setting up a web presence are trivial. As with spam, the fact that so many millions of people can be targeted makes it worthwhile, even with low hit rates. Even if less than one percent of the targeted victims respond, phishing emails can be very productive. In addition, prosecuting the perpetrators of phishing attacks has proven to be difficult. Information stolen from phishing victims is used in various ways by the criminals, with the most common uses being:

victims' credentials may be used for unauthorized transactions
legitimate users may be denied access to their own assets
attackers can sell users' personal information for criminal purposes

Methods of Attack

Fake emails and fraudulent websites are the most common phishing tools. Phishing emails usually look as if they came from the genuine organization and trick the user into divulging their passwords and account details. The emails are typically official-looking, HTML-based emails. Attackers use HTML because it is useful in obfuscating the actual URL. The email sender is, of course, fake and open mail relays disguise the email's actual source. These emails direct users to a legitimate-looking URL where the attacker is able to collect information.

Marshal Solutions Help Secure Your Network.

Marshal delivers enterprise level gateway protection from phishing. MailMarshal SMTP stops most phish email before users ever see it. WebMarshal blocks user attempts to visit phish websites. Marshal's anti-phishing technologies include:

SpamCensor: Marshal's proprietary anti-spam technology is a powerful resource against phishing email. SpamCensor includes an automatic update service, including Zero Day updates, to counter the latest trends in malicious email.
URLCensor: Now available in both MailMarshal SMTP and WebMarshal, this DNS Blacklist based classification focuses on servers and domains associated with malicious activity. You can choose to block email that mentions these sites, and block access to the sites themselves.
TextCensor: Marshal's original lexical analysis engine allows you to automatically scan the text content of email and web pages. You can use Marshal's default scripts or your own custom criteria. Malicious content can be blocked or restricted.
Filtering lists: WebMarshal can classify sites based on input from third-party categorization sources such as Secure Computing's SmartFilter.

Marshal solutions allow you to block phishing attempts at the network gateway - ensuring you can secure your confidential data, protect your users from identity theft, and comply with regulations on data privacy.

MailMarshal SMTP Datasheet

WebMarshal Datasheet

Enquiry

Top of Page

Product Information:
	Marshal Overview
	MailMarshal SMTP
	MailMarshal Exchange
	ImageAnalyzer
	WebMarshal
	M86 Secure Web Gateway
	M86 Secure Web Service Hybrid
	Enquiry

Marshal Solutions:
	Anti-Spam
	Anti-Phishing
	Anti-Virus
	Anti-Spyware

Marshal Information:
	Marshal Corporate
	Marshal Datasheets & White Papers