Want CNET to notify you of price drops and the latest stories?

This week in security news

The rise in online scams has companies spending hefty sums to educate customers about fraud prevention and to address phishing damage.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
Phishing is one of the fastest-growing forms of personal fraud in the world. While consumers are the most obvious victims, the damage spreads far wider--hurting companies' finances and reputations and potentially undermining consumer confidence in the safety of e-commerce.

Phishing scammers typically send out an e-mail that appears to come from a trusted company, such as a bank or an e-commerce Web site. The phishing messages attempt to lure people to a bogus Web site, where they're asked to divulge sensitive personal information. The attackers can then use those details to steal money from the victims' accounts.

Companies are paying a hefty amount to fix phishing damage. In many cases, they make good on their customers' losses. Companies are also spending money to educate customers about fraud prevention, and the cost of polishing up a tarnished brand is hard to estimate.

As part of that effort, banks are looking to bring down the number of phishing attacks by adopting two-factor authentication, which would require people to produce two forms of identification, according to Microsoft. The company's chief security strategist, Scott Charney, said that companies had failed to adopt the technology as fast as he would have liked.

"We haven't had as much adoption as you would hope for," Charney said at the Microsoft IT Forum in Copenhagen. "A lot of solutions for two-factor authentication are for enterprise spaces. If you get two-factor authentication to the consumer level, you reduce the phishing threat."

Microsoft has been focusing a lot on security, as well as coming under a lot of security scrutiny. This week, three more vulnerabilities were found in version 6 of Internet Explorer. That brings the total number of IE vulnerabilities disclosed in the past two months to 19, including eight flaws fixed by Microsoft during its October patch cycle.

The latest flaws were found by two different researchers and could be used together to allow malicious content to bypass a mechanism in Microsoft Windows XP Service Pack 2 that alerts people about potentially harmful programs. The third vulnerability could be used to overwrite the cookies of a trusted site to hijack a Web session, if the site handles authentication in an insecure manner.