You've no doubt been the target of phishing scams--those e-mails that claim there's some kind of problem with one of your accounts somewhere. When you click through to a legitimate-looking Web site, you're asked for personal information that can then be used by the phishers for various nefarious purposes. There's been plenty of information written to help protect consumers against these attacks, but not much help for companies whose customers are being duped. When your customers are the target of a phishing expedition, your brand suffers and your help desk will be inundated with calls from confused customers.
You may not think you've got a problem; after all, most phishing scams target bank customers. Banks, however are getting a handle on this problem and as they do, phishers will move down the food chain. If you've got a sizable group of online customers, you should plan on getting hit sooner or later.
So, what do you do? The latest Alarmed column in CIO Magazine gives some concrete advice to businesses, based on information from Dave Jevans, the chairman of the Anti-Phishing Working Group. In short, the advice is proactively go after the sites and get their ISPs to shut them down. The typical phishing site stays up for one to three weeks, so anything you can do to shorten that time helps. This is messy business, but it has to be done. Don't wait until your customers are being targeted. Assign someone to make a plan now and then be prepared to put it into action.
Bonus link: Where did the term phishing come from?