In Brief
Note to Phishers Please Do Not Read This
Phishing is one of the fastest-growing electronic crimes; TRUSTe and E&Y offer security advice
By CSO Contributor
July 01, 2005 — CSO —
Phishing is one of the fastest-growing electronic crimes, and it's a particularly difficult one for law enforcement to handle (see "Pulling Threads on E-Crime"). To help companies cope, TRUSTe, a nonprofit privacy group, and consultancy Ernst & Young recently published an eight-page white paper titled "How Not to Look Like a Phish." For the full report, visit www.truste.org/about/phish.php (or www.csoonline.com/printlinks). Here are a few excerpts.
Tip: Don't request personal information from customers directly from an e-mail hyperlink.
Example: If you need an updated address—for example, to complete a delivery—instruct the customer to go to your company's website to provide it.
Tip: Do personalize e-mail when possible, to show that you know your customers' names.
Example: Use "Dear James Smith" instead of "Dear Sir" to help consumers recognize you as a legitimate sender.
Tip: Don't link to third-party sites from your e-mail messages; doing this puts customers in the habit of clicking through to someone else's domain to do business with you.
Example: Don't use third-party proxy links such as www.deliveryspecialist.com?redirect=www.yourdomain.com; instead send customers to www.yourdomain.com.
Website
Tip: Use clean and crisp domain-naming strategies.
Example: Use the URL www.yourcompany.com/freepromotion instead of www.x3429yourcompany.com/1jdif/promotion.
Tip: Don't design your site to open pop-up windows that have only limited functionality.
Example: Provide pop-up windows with address bars, clear URLs and navigational elements such as back bars.
Tip: Don't rely on pop-up windows for data collection; some scams pop up over legitimate websites to gain credibility.
Example: See above.
SOURCE: TRUSTe and Ernst & Young
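The e-mail tips above (personalize the greeting, link only to your own domain, avoid third-party redirect links) can be checked mechanically before a message is sent. The following is an added example, not part of the article or the white paper; the function name, rule names, greeting list and sample message are assumptions made for illustration, and the redirect check is a heuristic.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Salutations that do not show the sender knows the customer's name.
GENERIC_GREETING = re.compile(r"\bDear\s+(Sir|Madam|Customer|Member|User)\b", re.I)
# A query value that itself looks like a host or URL suggests a redirect link.
DOMAIN_LIKE = re.compile(r"^(https?://)?([a-z0-9-]+\.)+[a-z]{2,}(/|$)", re.I)

class _Collector(HTMLParser):
    """Collects anchor targets and visible text from an HTML message."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.text = [], []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)
    def handle_data(self, data):
        self.text.append(data)

def audit_email(html, own_domain):
    """Return (rule, detail) findings for one outbound HTML message."""
    page = _Collector()
    page.feed(html)
    own, findings = own_domain.lower(), []
    for href in page.hrefs:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, tel: and relative links are out of scope here
        host = (parts.hostname or "").lower()
        if host != own and not host.endswith("." + own):
            findings.append(("third-party-link", href))
        if any(DOMAIN_LIKE.match(v) for _, v in parse_qsl(parts.query)):
            findings.append(("redirect-parameter", href))
    greeting = GENERIC_GREETING.search(" ".join(page.text))
    if greeting:
        findings.append(("generic-greeting", greeting.group(0)))
    return findings

# Constructed sample messages, using the article's example domains.
BAD = ('<p>Dear Sir,</p><a href="http://www.deliveryspecialist.com'
       '?redirect=www.yourdomain.com">Update your address</a>')
GOOD = ('<p>Dear James Smith,</p>'
        '<a href="https://www.yourdomain.com/account">Your account</a>')

if __name__ == "__main__":
    for rule, detail in audit_email(BAD, "yourdomain.com"):
        print(rule, detail)
```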



