September 28, 2005 - (HOSTSEARCH.COM) - The 260-member, not-for-profit Information Security Forum (ISF) which includes half of the Fortune 100 has warned that Trojans have become sophisticated and harder to stop and that Trojan-based attacks will soon become a greater threat than email phishing in the US and Europe.
An ISF report citing a recent survey suggests that over a third of members have been directly affected by phishing attacks, with over 30% experiencing more than 20 attacks. The report goes on to provide a detailed five-point strategy designed to address phishing. While two-factor and even three-factor authentication is recognized as a proper preventative measure, the costs involved in initiation of such protection would not justify expenditure if compared to the direct costs of phishing fraud. The report does though suggest reputational damage, regulatory intervention or loss of competitive advantage would certainly be factors that would help balance costs.
Key to addressing phishing, the report suggests, is education. Companies should educate their customers on how to recognize phishing and identity theft, as well as, offer continuous Internet monitoring to identify phishing sites and misuse of their brands.
We believe that email phishing will move away from English speaking regions to Asia, China and the Middle East, to be replaced by a surge in sophisticated and well-organised Trojan attacks, said Andrew Wilson of the Information Security Forum. Often, the first time an organisation knows that it is under attack is when customers notice money missing from their accounts, so it will become vital to put early warning mechanisms in place. These can include closely monitoring customer complaints and feedback for signs of attack, regular checking of web sites for the unauthorised use of logos and brand names and open-source intelligence gathering for indications of planned attacks. Mr. Wilson went on to add Improving user awareness of Internet risks is key to fighting online fraud, but in a manner that does not risk losing customer-confidence in ecommerce and online banking.