Intellectual Property Theft Has Never Been Easier - Is your enterprise protected

Intellectual property (IP) is at the core of any business. Confidential manufacturing processes, financial information, customer lists, digital source code, marketing strategies, research data or any other compilation of information used to obtain competitive advantage could be deadly to your enterprise if it ends up in the wrong hands.

Email-Based Communication Vulnerabilities
IP can leave the enterprise at any of a number of points. Failure to quickly recognize and protect these “soft spots” in your network security could have tragic results for the long-term viability of the company.

Attachment and content filtering
Unless your email security solution includes robust attachment and content filtering elements, anyone with access to your email network can send literally file cabinets worth of information to a private email account, to be retrieved at their convenience from any computer in the world. A single attachment can contain many years’ worth of confidential information, and if you allow it to leave your enterprise gateway, you may as well just publish it.

Intrusion prevention
Intrusion prevention is another Achilles’ heel for companies with inadequate email security in place. Even intermediate hackers can use email to gain access to the company’s digital backbone unless the necessary steps have been taken to keep them out. Once these hackers have access to the network, they can steal virtually anything stored anywhere on your network. For an example, we need look no farther back than August 2004, when the University of California, Berkeley suffered a network intrusion that resulted in the theft of the personal information of about 600,000 people.

Email encryption
Failure to encrypt email communication can also provide opportunity for would-be IP thieves. Messages to trusted partners, customers or any other recipients outside the network can be intercepted and read by anyone with rudimentary knowledge of email systems. Encrypting these conversations ensures that nobody but the sender and recipient have the ability to read the messages contained within the email.

Phishing
The explosion in phishing attacks, which utilize social engineering tactics to extract confidential information from email users, has presented a completely new and extremely dangerous method of IP theft. Unwitting employees are an easy target for phishers, who may pose as business partners, clients or any other “friendly” sender in order to gain access to sensitive information.

Viruses
Viruses have proven to be another highly effective method of extracting information from corporations. Virus writers can write simple programs that, once executed on your network, mine for all sorts of data and send information back to the virus writer, or to any other recipient.

Severance Package, Indeed
While your employees are your greatest asset, they have the potential to be your greatest liability as well. A disturbing, but not entirely surprising, fact is that most intellectual property (IP) theft is perpetrated by current and former employees. According to the U.S. Department of Justice, enterprises suffered $250 Billion in IP Theft in 2004.

A 2004 survey questioned 400 business professionals about their attitudes to IP theft. The research, conducted by Ibas, a computer forensics specialist, revealed some trends that should sound some alarm bells within organizations unsure of their IP security:

• 69.6% of business professionals have stolen some form of corporate IP from their employer when leaving a job.
  
• 32.6% of employees leaving a job took sales proposals and/or presentations with them.
  
• 30.4% admitted to taking information such as customer databases and contact information.
  
• The most commonly used method for stealing IP is to send electronic copies of documents and files to a personal email account.
  
• 58.7% think that taking IP is as, if not more, acceptable as exaggerating an insurance claim to cover the excess charge.
  
• Only 28.2% think that IP theft is completely unacceptable.
  
• The most common justification for IP theft was that the person had created the documents/files stolen and felt they partly belonged to them.
  

For more information about how CipherTrust’s IronMail can help your enterprise keep a lid on your intellectual property, download our FREE whitepaper, “Securing the Email Boundary: An Overview of IronMail.”

CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “Securing the Email Boundary: An Overview of IronMail” or by visiting www.ciphertrust.com.

Download Fraud Eliminator to Protect Yourself Click Here

UK Based Phishing IQ Test
Some time ago I posted a link to an American Phishing test. I'm pleased to tell you that there is now a UK Phishing Test using UK examples that might make rather more sense to us than the American one. Phishing, for those who don't know, are fake emails that supposedly come from banks etc. that are designed to get us to give out personal details, which can then be used to get money out of accounts and so on. No-one would fall for them, surely? If you're sure you're too clever then try the test and see how well you do!

Gmail Takes the Phun Out of Phishing
Google isn’t allowing itself to be put in the same situation as other e-mail providers in regard to phishing attacks. In October of last year, they implemented Yahoo’s DomainKeys e-mail source verification ( a month before Yahoo did, but that’s Google for you). Now they’re using a proprietary engine to tag suspicious messages coming in to Gmail accounts. When a Gmail user opens a suspected phishing message, the software displays a large red dialog box… Direct and Related Links for 'Gmail Takes the Phun Out of Phishing'

Netcraft: 5,600 Phishing Sites Since December
miller60 writes "Netcraft has tracked and blocked 5,600 known phishing sites since the December launch of its anti-phishing toolbar, which it has now updated with a risk rating feature that warns users about new sites with phishy characteristics, based on trends observed in known phishing scams. It has also started a service that makes the full list available of phishing sites as a continuously updated feed for service providers and companies to use in mail servers and web proxies." One bad sign: the phishing attacks I see are getting (on average) more professional in their phrasing -- it used to be easy to toss out the trawlers based on their spelling alone.

Netflix Fixes "Phishing" Security Threat
Christopher tipped me off to a Bugtraq Mailing list thread about a possible Netflix security problem involving "Phishing." This is the Wikipedia definition of phishing: In computing, phishing is the act of attempting to fraudulently acquire through deception sensitive personal information such as passwords and credit card details by masquerading in an official-looking email, IM, etc. as someone trustworthy with a real need for such information. It is a form of social engineering attack. Here's a link to an example of a phishing e-mail. This is an example of phishing HTML code: https://www.netflix.com/redirect.jsp?target=http://dummy.site.com/ This was just a warning and...

14,411 phishing attempts in April 2005
In April 2005, the number of phishing attempts rose to 14,411, says Anti-Phishing Working Group. A drop in unique phishing e-mails was reported, down to 3,930, from 4,100 in March 2005. Number of phishing Web sites hosted in China increased to 2,854 active phishing sites reported in April 2005 (22% of total). 26.3% of phishing [...]

Anti-Phishing Working Group Creates Phishing Scam Database for Members (2 June 2005)
In hopes of becoming a clearinghouse for phishing data, the Anti-Phishing Working Group has created a database of phishing scams that can be used to share information with other Anti-Phishing Working Group members; there is also an XML form that can be used to submit attack data.......

Strange "Barclays" phishing attempt
When I get these things, I usually just delete them immediately, but this strange message from “Barclays” caught my eye and I began to play with it. At first, it just seems like an obvious phishing attempt. Dear Barclays Member,This email was sent by the Barclays server to verify your email address. You must complete this process by clicking on the link below and entereing in the small window your Barclays Membership number, passcode and… Direct and Related Links for 'Strange “Barclays” phishing attempt'

Strange "Barclays" Phishing Attempt
When I get these things, I usually just delete them immediately, but this strange message from “Barclays” caught my eye and I began to play with it. At first, it just seems like an obvious phishing attempt. Dear Barclays Member, This e-mail was sent by the Barclays server to verify your e-mail address. You must complete this process by clicking on the link below and entereing in the small window your Barclays Membership number, passcode,… Direct and Related Links for 'Strange “Barclays” Phishing Attempt'

John Doe Lawsuits Filed Against Phishing Operators
“Microsoft filed 117 “John Doe” lawsuits against phishing site operators in an effort to curtail the identity theft scams. “We must work together to stop these con artists from misusing the Internet as a tool for fraud. Microsoft provides consumers with the information and technology that will help protect all of us from this pervasive and destructive threat, and has filed legal action today against some of these individuals,” Aaron Kornblum, Internet safety enforcement attorney… Direct and Related Links for 'John Doe Lawsuits Filed Against Phishing Operators'

Download Fraud Eliminator to Protect Yourself Click Here