Enterprise Email Fraud Threatens Security of Sensitive Corporate InformationMailFrontier CEO Speaks at DEMO 2004 About Fraudsters Gaining Access to Secure Corporate Networks SCOTTSDALE, Ariz., DEMO Conference, Feb. 16, 2004 -- At DEMO 2004 today, Pavni Diwanji, CEO and co-founder of MailFrontier, warned corporate executives and IT directors of a growing threat to enterprise messaging: corporate email fraud. While phisher scams -- a largely consumer-facing problem where fraudsters spoof well-known brands in an attempt to steal personal information -- garner most of the media attention, the untold story is that IT departments are being spoofed as well, compromising the security of entire corporate networks. Highly-sensitive information about the company, employees and customers, is easily attainable when a fraudster gains access to legitimate employee passwords and network login information. "E-mail is arguably the centerpiece of corporate business transactions and it has become the most vulnerable of enterprise applications," said Chris Shipley, executive producer of DEMO 2004. "MailFrontier has developed an innovative solution to educate and protect enterprises against email fraud, while continuing to address the market demands for greater reliability and integrity of enterprise email systems." During 2003, the Federal Trade Commission (FTC) received more than a half-million complaints regarding fraud and identity theft, according to a January 2004 FTC report. Internet-related fraud accounted for 55% of all fraud reports, up from 45% in 2002. MailFrontier today announced two products that protect corporations and individuals from email fraud. MailFrontier Enterprise Gateway(TM) 3.0 (see separate press release) and MailFrontier Desktop(TM) 4.0, both include the company's unique anti-fraud identification, filtering and quarantine capabilities. They are the only such products on the market that actively protect email users from this dangerous threat. "Spam is a nuisance that clogs up our inboxes and wastes our time. Email fraud, on the other hand, is something that can steal our identity or bring down a corporation," said Diwanji. "Increasingly, corporations are being swindled out of money and time as a result of email fraud. Enterprise fraud is becoming more sophisticated, and therefore more dangerous, every day. Fraudsters are making email systems untrustworthy and rendering every email source suspect." In a real-world example, a large media company's new hires fell victim to enterprise email fraud. Upon starting at the company, the new hires received employee orientation, which included warnings to protect sensitive information such as the SecurID cards and corporate network usernames and log-in passwords they had just received. Shortly after the orientation, several new employees received an email written in the official corporate format and asking them to re-authenticate their SecurID cards by providing serial numbers corporate usernames, and PINs. The request appeared to come from the IT department, and several new employees provided the information. The emails were fraudulent and as a result, the enterprise's network was compromised, exposing secure corporate assets and employees' personal information. "Only the most alert and knowledgeable users can spot the difference between legitimate and fraudulent email," noted Rich Mogull, research director at Gartner. "Addressing the email fraud problem will require a combination of education and technology. Until the structure of the Internet includes needed anti-fraud capabilities, email, messaging security and Web browsing vendors should include anti-fraud functionality in their enterprise and desktop products." Build a Protection Strategy Most enterprises need an integrated plan to defend themselves from email fraud, one that combines the time-proven success of consistent and accurate communication with the technology methodologies of cutting edge email security, such as domain authentication. Such an approach consists of three essential components: -- Detect Email Fraud: Identifying email fraud is very different from identifying spam, and it requires filtering methods specifically tuned to identify techniques utilized in fraudulent emails, such as hex-coded URLs. -- Protect Against Email Fraud: Install a comprehensive email security solution that protects against enterprise email threats, be they fraud, spam or viruses. A solution that integrates fraud, spam, and virus detection in one product provides IT directors with an efficient, easy-to-administer solution. -- Educate Users: Develop a corporate security policy that includes user awareness as an integral component. The more users know about fraud in the enterprise, the more likely that they will take appropriate action and not compromise the organization. Most people would never think to question an email from their IT department asking them to reset and confirm their network password. Email fraudsters count on this and do not hesitate to exploit that trust in email and the vulnerabilities of this critical business communications tool. Due to the nature of their business, some businesses such as financial services companies or health insurance providers, may be higher profile targets for email fraud attacks. However, one thing is clear -- every company is vulnerable to email fraud attacks directly aimed at their secure enterprise environment and the vital information it protects. About MailFrontier Desktop 4.0 MailFrontier Desktop 4.0 includes the company's anti-fraud capabilities as well as updated spam-filtering rules and effectiveness. It is currently available directly from MailFrontier for $39.95. Interested parties please note that MailFrontier Matador is now called MailFrontier Desktop. About MailFrontier Enterprise Gateway 3.0 Available by the end of this quarter, MailFrontier Enterprise Gateway 3.0 is the first integrated anti-spam, anti-fraud, anti-virus and policy management enterprise software suite providing a comprehensive messaging security solution. For additional information, see separate MailFrontier press release. About MailFrontier MailFrontier is a pioneer in messaging security, ensuring the continued vitality of email for business communication. Enterprises need to keep email secure and productive. MailFrontier approaches this problem with a focus on email users, becoming the first company in the industry to provide a unique user-centric approach. This comprehensive and integrated approach has now become the standard for email security offerings. MailFrontier has more than 300 enterprise customers, including Pier 1 Imports, Wyndham International and Peet's Coffee & Tea. Founded in February 2002, MailFrontier is headquartered in Palo Alto, California. The company's investors include New Enterprise Associates, Draper Fisher Jurvetson and Menlo Ventures. For additional information, go to http://www.mailfrontier.com. NOTE: MailFrontier, MailFrontier Enterprise Gateway and MailFrontier Desktop are trademarks of MailFrontier Incorporated. All other company and product names are trademarks or registered trademarks of their respective holders. SOURCE MailFrontier Incorporated Web Site: http://www.mailfrontier.com |