Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

MessageLabs fraud protection service helps companies combat online identity fraud

  • 21 January, 2004 12:04

<p>(Sydney, Hong Kong) January 21, 2004—MessageLabs today announced a new fraud protection service aimed at helping financial institutions, retailers and other e-commerce businesses combat online identity fraud through a new type of email scam known as phishing. The company is introducing the service in Asia Pacific after selectively providing it to major banks in Australia, the United States, and the United Kingdom and proving its effectiveness, value and reliability.</p>
<p>The service features real-time scanning, expert analysis and authentication, incident response and early notification of suspicious email activity. The company uses Skeptic™ Radar—built on proprietary, multi-patented technology—to scan 32 million messages a day from around the world and detect threats and anomalies. When a scam is identified, analysed and authenticated, the company notifies the targeted company and provides details of the attack. Companies are then able to work with law enforcement agencies to quickly and effectively shut down scammers.</p>
<p>MessageLabs’ Australian operation spearheaded the development of the new service, has project managed the global launch, and will play a prominent role in the 24x7 global monitoring of email fraud. The anti-fraud service has been evolved from MessageLabs’ anti-virus, anti-spam and porn-filtering technology.</p>
<p>"We have successfully detected and helped prevent attempted fraud at more than 15 banks and other financial institutions globally, including three in Australia, several in the UK and one of the largest in America. In many cases, MessageLabs alerted in-house IT staff to the problem before they knew of its existence.” said MessageLabs' Technical Director Asia Pacific, David Banes.</p>
<p>Banes says MessageLabs’ Sydney-based technical team has refined the Fraud Protection service over recent weeks, informally alerting major institutions at risk, and working with local law enforcement agencies to help shut down web sites associated with scams. Now the company has developed its real-time detection technology to a level where it can be offered to the wider market.</p>
<p>As the leading provider of email security services to the financial sector, MessageLabs views the addition of the Fraud Protection service as the next logical step in helping to protect companies against new and evolving types of email security threats.</p>
<p>“E-commerce has grown fivefold since 1999. Internet spending alone totalled $100 billion in 2003. It’s taken years for consumers to gain confidence in online banking, bill paying and e-commerce; phishing scams could slow this growth substantially unless businesses take additional steps to protect their customers,” said Mark Sunner, Chief Technology Officer at MessageLabs. “Unfortunately, in spite of securing their sites, adopting best practices and proactively warning customers against new types of fraud, consumers and businesses are still falling victim and suffering losses.”</p>
<p>Measuring the Need
Identity fraud attacks that use viruses, spam, spoofed web sites and social engineering techniques are increasingly and successfully victimizing financial institutions around the world.
While relatively new, they have targeted banks, credit card companies, online payment entities on every major English-speaking continent.</p>
<p>An estimated 20% of all recipients that receive the bogus emails have been duped into providing user names, passwords and social security numbers, in spite of repeated warnings from the businesses themselves. Once the theft has been completed, the cyber criminals can use the information to drain savings accounts, secure new lines of credit, complete online purchases and conduct other transactions that jeopardize consumers’ financial standings.</p>
<p>Whether the work of organized crime or a sophisticated new breed of cyber criminals, these scams use emails that appear to come from legitimate organizations and direct recipients to fraudulent web sites where they are instructed to update personal account information. In the most sophisticated cases, the spoofed site almost perfectly replicates an organization’s brand and online presence, including HTML graphics and security toolbar icons that lead users to believe the site is valid.</p>
<p>If not stopped early, identity fraud results in immediate and significant financial loss to targeted institutions and their clients. The short-term impact of client calls, complaints, confusion and churn can cost companies thousands of dollars and untold hours in lost productivity as they divert IT, legal, PR and client service resources to remedy and control the incident. Beyond losses incurred by the victimized clients, the company’s brand equity suffers as uncertainty and fear drives away existing and future clients, impacting short and long-term profitability.</p>
<p>Phishing also creates legal liabilities related to violating consumer privacy and the strict protection of highly sensitive information. The unauthorized dissemination of personal data constitutes a breach of privacy law commonly held in most countries, including various financial privacy laws in the U.S. and the Data Protection Directive in the European Union.</p>
<p>Service Benefits and Case Study
During a recent pilot program, MessageLabs detected a scam, notified the targeted bank and worked with its incidence response team and regional law enforcement agencies to identify where the emails were coming from and where the web site was being hosted. By serving as an early warning and notification system, MessageLabs played a key role in ensuring the termination of the web site within two and a half hours. This quick action limited the bank’s exposure to the scam and prevented its customers from being victimized.</p>
<p>By proactively taking an aggressive stance to counter phishing scams, companies can reduce risks and costs related to this type of fraud, better protecting customers’ identities and financial holdings.</p>
<p>The service supports compliance with US federal mandates such as Gramm-Leach-Bliley, which dictates stringent controls over the unauthorized dissemination of sensitive financial information.</p>
<p>“This ability to identify threats as they occur is a huge advantage for customers and can make or break the success of the scam. In other cases, companies are relegated to using labor-intensive techniques—such as honey pots—that rely on manual detection of malicious emails and give the criminals behind these activities precious time to victimize consumers,” said Sunner.</p>
<p>For more information about the service, please visit www.messagelabs.com/fraud.</p>

Most Popular