No More Fish For The Phishers

Phishing, the art of deception is about to become a bit less successful according to some of the world’s largest banking institutions.  One morning before leaving for work you quickly scan your email and spot a quick note from your trusted bank that you have been with for years.  The typical scam pitch might go like “it’s that time of year again, dear member, to update and verify some information on your account…”  You are directed to your bank’s website, provide the vitals, and you are happily on your way to the office. Later in the day, with a shopping cart full of groceries you are horrified that your account cannot cover the charges.  The reality is that you are broke.  And, that website was NOT your trusted bank’s site at all.

“This cybercrime, known as Phishing, has cost industry an estimated $2.5 billion last year alone,” states Tero Pollanen, a well known fraud prevention specialist, “it is time to rethink security strategy.”  The latest school of thought is in the utilization of new exclusive internet addresses with unique domain endings such as dot-citi, dot-barclays or dot-bofa. The banking institutions are hoping that this will increase customer awareness that they actually are dealing with their bank rather than a scam website attempting to steal personal information.

According to Icann, the organization that more or less governs the internet, these new extensions could begin to appear in 2013. In addition to security concerns they would also aid in brand promotion.  But by far the greatest need for this change would be the possible security benefits over what they cannot obtain with a dot-com presence.

Fraud will still exist with careless customers and it is the weakest link in the chain of security.  But at least the institution can create a domain that ends in their bank name which will help to generate more trust in the institution. 

The key here of course is communication between the institution and its customers that when a web address ends in a particular dot-brand, it can be trusted. 

Ref.:  http://online.wsj.com/article/SB10000872396390444508504577593243972975650.html

Convicted Criminal? Maybe he can help

As unemployment rises, and competition for jobs gets increasingly stiffer, companies are often spoilt for choice with the creme-de-la-creme of potential employees. With an average of over 30 applicants for each position in London, many businesses are able to appoint higher caliber candidates than ever before.

Many firms are employing individuals capable of innovation and ‘thinking outside the box’ through purposefully hiring convicted criminals. Whilst on first consideration this may appear an odd choice, it appears to be producing the desired results. Some of the more high profile appointments are rumoured to include George Hotz, a hacker hired (reportedly) by facebook. Whilst not officially a convicted criminal, the youngster has settled a previous case out of court.

Many of the biggest names in technology are reputed to have hired hackers in the past too. Whilst few employers would openly admit to it, it is commonly believed that Apple, Microsoft, and Google have done so. Security firms and government agencies such as GCHQ in the UK even entice applicants by setting challenges for wannabe applicants to solve.

Whilst hiring, or even associating with hired hackers and convicted criminals is a risk for and company, it is a calculated risk considered by many to pay off. Not only will it create a certain amount of ‘buzz’ online, if the incentives are deemed sufficient by the individual, they may choose to invest in the company. Being able to manipulate the latest technology to a firms advantage, as well as the ability to see the bigger picture and truly improve and redesign the world in which we live is a genuinely exciting prospect.

In truth, employment in any context becomes a question of risk; how much a firm is content on risking, and how much an employee is prepared to risk in favour of, or indeed against, that position of trust.

Tero Pollanen is a online security specialist with years of experience on advising organisations on online fraud and security, he has experience from both sides of the security world.