Home / Blogs

Protecting Brands from Phishers No Easy Task

Just in case you’ve been out of the country for the last 12 months, a new scourge is hitting the Internet and the world of email and it’s called phishing. The Anti-Phishing Working Group defines phishing as identity theft “attacks using ‘spoofed’ e-mails and fraudulent Websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords…”

According to various experts, the incidents of phishing are rising at an alarming rate: there were 13,000 unique phishing attacks in January alone - that’s a 42 percent surge over the previous month.

The real problem is that phishing works. Some of the sharpest folks I know have accidentally provided their personal information to a credible-looking website claiming to be eBay, Citibank, etc. In fact, 64 corporate brands were used in phishing attacks in January.

So, if you are a large, well branded company, how do you prevent this from happening to you and your customers? The bad news is that there are no obvious or easy answers. A recent article from Forbes talks about legislation that’s working its way through congress but, like CAN-SPAM, it is, at best, only a partial solution.

Fortunately, as consumers, there’s quite a bit we can do. Great email filter products like MailFrontier offer some protection. Browser plug-ins will help catch fraudulent sites by comparing URLs to known lists of bad guys. Various popular email programs are releasing new versions that will help call out and prevent some of the more popular tricks being used by phishers today.

The bad news is that, as senders, there’s not as much you can do.

Here’s a quick list of ideas I’ve compiled from various sources on the topic:

  • Educate your customers/recipients - of course, this will only go so far.
  • Alternate channels - new protocols like RSS largely solve the problems of phishing but very few consumers are currently using RSS readers, so this solution is still somewhat in the future.
  • Personalize your messsages - show the recipient that you know more than their email address. Ideally, ask them for a “secret phrase” when they register and then make sure they know that you’ll use it in every email you send them - they should closely scrutinize any emails without that phrase.
  • Allow confirmation codes on your home page - set up your home page with a simple text input. Users can type in a code embedded in emails at your home page and get a confirmation that the message or the site in the message is valid. This requires some help from IT but it makes it easy for users to check the validity of any message they are concerned about.
  • Don’t leave any open re-directs on your Website - these can be used to make a site LOOK like yours even though it doesn’t. eBay fell prey to this recently so it can happen to the savviest companies.

Have the phishers invented any new tricks that we should all be aware of? Are there better solutions emerging? Please post your thoughts and/or suggestions.

By Bill Nussey, CEO & Auhtor

Filed Under


Gazza11  –  Mar 23, 2005 12:38 PM


I heard the latest threat is from trojan horses that modify cached bank web sites so that users are sent to fake sites.


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com

New TLDs

Sponsored byRadix


Sponsored byVerisign