
For Immediate Release

TRUSTe AND ERNST & YOUNG LLP ISSUE GUIDE TO HELP COMPANIES AVOID THE RISKS ASSOCIATED WITH PHISHING FEARS

Businesses absorb more than 90 percent of phishing attack costs as consumers lose faith in Internet-based communication; TRUSTe and Ernst & Young LLP provide guidelines to help maintain safer digital communications with customers

San Francisco, CA – April 11, 2005 – TRUSTe, the leading online privacy non-profit organization, and Ernst & Young LLP, a leading professional services firm, today released a guide titled “How Not To Look Like a Phish” to help businesses communicate with their customers in ways that can help minimize the risks associated with phishing attacks. Phishing is the criminal act of posing as a legitimate business via digital communications to extract information such as social security numbers, credit card numbers and banking account numbers.

In a recent TRUSTe/Ponemon Institute study, 76 percent of respondents said they believe businesses bear the burden of educating the public on phishing protection. Sixty-four percent added that it is unacceptable for organizations to remain silent on the issue. To ease this burden and help businesses rebuild the public’s trust in online communication channels, TRUSTe and Ernst & Young recommend best practices, including eliminating pop-ups, instant message and e-mail as tools for collecting information and removing cross-site scripting from a company’s Web site.

“This burgeoning threat is not only putting the finances of individuals and businesses at risk, but also undermining the basic trust that makes e-commerce and digital communication possible,” said Fran Maier, executive director of TRUSTe. “Most anti-phishing advice emphasizes the ways individuals can identify and avoid fraud, but businesses also must make it easier for their customers to distinguish legitimate from fraudulent online communications. This threat must be addressed as soon as possible by every company using online customer service.”

“Companies need to avoid communicating with customers in ways that can be easily replicated by phishers,” said Brian Tretick, a Principal with the Technology Solutions and Risk Services group of Ernst & Young LLP. “In addition, companies must have a clear domain name strategy that makes it difficult for copycat Web sites to exist, and steps need to be taken to eliminate any application security flaws that may allow malicious hackers to hijack your own Web site addresses.”

The top recommendations from the guide include the following practices:

  1. Eliminate using instant message and e-mail to collect information, unless the contact is initiated by the customer.
  2. Never use an urgent, threatening, or time-sensitive tone.
  3. Explicitly spell out Web site links and keep the links as straightforward and descriptive as possible. Don’t hypertext words like “click here” that are commonly used to mask false Web site addresses.
  4. Personalize customer e-mail with non-threatening personal data like a first name so recipients know that the e-mail is coming from a company that knows them.
  5. Direct customers to respond via your main home page as much as possible.
  6. Protect your name by checking for unauthorized Web sites that use variations of your company name.
  7. Authenticate your Web sites using digital certificates.
  8. Be clear in communicating your anti-phishing strategy to customers.

A copy of the full guidelines, including illustrative do’s and don’ts, is available upon request.

About TRUSTe
TRUSTe, the online privacy leader, is an independent, nonprofit organization dedicated to enabling individuals and organizations to establish trusting relationships based on respect for personal identity and information in the evolving networked world. Founded in 1997, TRUSTe’s privacy certification and seal programs are considered Safe Harbors for the Children's Online Privacy Protection Act (COPPA) and the EU Safe Harbor Framework. TRUSTe maintains the largest privacy seal program with more than 1,300 Web sites certified throughout the world including AOL, Microsoft, IBM, Intuit, and The New York Times. For more information on TRUSTe please visit www.truste.org.

About Ernst & Young
Ernst & Young, a global leader in professional services, is committed to restoring the public’s trust in professional services firms and in the quality of financial reporting. Its 100,000 people in 140 countries around the globe pursue the highest levels of integrity, quality, and professionalism to provide clients with financial, transactional, and risk-management services in its core Audit, Tax and Transaction Advisory practices. Further information about Ernst & Young and its approach to a variety of business issues can be found at www.ey.com/perspectives. Ernst & Young refers to all the members of the global Ernst & Young organization.

###



 


Click here to download the How Not to Look Like a Phish whitepaper.

Contacts:

Carolyn Hodge
TRUSTe
415-520-3415
chodge@truste.org

Greg Wind
FitzGerald Communications for TRUSTe
(617) 585-2240
trust.e@fitzgerald.com


