Application security

Another phishing expedition

Share

The biggest takeaway from all of this? Personally identifiable information must be secured. Period. No more excuses. Whether customer or employee data, it's been provided to a corporation or government agency under an implicit trust that must not be taken lightly.

While many companies have done an adequate job in securing their networks, they need to be mindful of protecting the data, as both need to be secured. Having a framework that allows for a pre-planned, comprehensive strategy for securing data is really the only answer.

Takeaways for the consumer? Maintain a healthy dose of suspicion when requested to provide personal information. Phishing attacks became so common last year that every reputable financial firm announced they would not generally attempt to contact their customers via email in the event of an account issue, and if they did there would be no link in the email. So this problem is a focus, and hopefully other companies will develop similar procedures. A piece of advice is to never, ever give out personal identity information to anyone that calls. If your institution calls and claims they need such information, ask which department they work in and state you will call back. Do not take a number from the caller, but get the customer service number for the institution off a statement or their website and call that number, and ask if they are actually seeking the information and why.

Another phishing expedition

Late August 2006, we saw the most recent example of a highly valued brand damaged by a data breach as AT&T reported that hackers had gained access to credit card information and other personal data of approximately 19,000 of its customers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.