E-mail policies -- A defense against phishing attacks

Phishing: Cutting the Identity Theft Line By Rachael Lininger and Russell Dean Vines                          334 pages; $29.99                     John Wiley & Sons

Interacting with customers

Not surprisingly, the first line of defense in the phish fight is the customer. Creating easily understandable standards for customer communications can go a long way in preventing a phishing attack and recovering quickly from one.

E-mail

E-mail is currently the largest attack vector for phishing malware and ID theft exploits. This may change, as Web sites increasingly begin to employ advanced scripting techniques and automated functions; but e-mail is still the hands down winner.

You can take a number of steps to protect your business from fraudulent e-mail, including the following:

• Standardizing your communications with the customer
• Implementing e-mail authentication

Information Security Bookshelf Read Chapter 6, Helping Your Organization Avoid Phishing Sound Off on this book excerpt More book chapters and reviews Learn more about e-mail security in E-mail Security School

Standard customer communication policy

Even if you're not a financial institution, as an ISP or Internet company you should have a customer e-mail policy. Policy is one of those terms that can mean several things. For example, there are security policies on firewalls, which refer to the access control and routing list information. Standards, procedures and guidelines are also referred to as policies in the larger sense of a global information security policy. For example, a policy can provide protection from liability due to an employee's actions, or it can control access to trade secrets.

Companies need many types of policies, standards, guidelines and procedures. But what I'm talking about here is creating a standard for e-mails from the company to the customer, which doesn't use the types of phish hooks you see in a phishing e-mail. A standard customer communications policy should convey a consistent message and not confuse your customer.

Here are some basic customer e-mail policy standards:

• Don't send e-mail in HTML format.
• Don't send attachments.
• Don't include or ask for personal information.
• Use the full name of the user.
• Don't include hyperlinks.
• Use localized messages.

Read Chapter 6, Helping Your Organization Avoid Phishing.

BROWSE BY TAG Application and Platform Security,   Email Protection,   Email and Messaging Threats (spam, phishing, instant messaging),   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Email and Messaging Threats (spam, phishing, instant messaging) How to prevent brute force webmail attacks Unified communications: Securing a converged infrastructure Chained Exploits: How to prevent phishing attacks from corporate spies 3FN.net ISP shutdown interrupts spam campaigns Swine flu outbreak results in spam pandemic What does 'invoked by uid 78' mean? Economy fuels malware, spam Internet Explorer 8 includes a bevy of security features Adobe JBIG2 exploits being spammed, IBM warns Fierce competition prompted new Cisco email security options Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CAPTCHA  (SearchSecurity.com) challenge-response system  (SearchSecurity.com) crimeware  (SearchSecurity.com) pharming  (SearchSecurity.com) phishing  (SearchSecurity.com) Register of Known Spam Operations  (SearchSecurity.com) Rock Phish  (SearchSecurity.com) Sender Policy Framework  (SearchSecurity.com) spam cocktail  (SearchSecurity.com) spear phishing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary