«Back to Media Page
RavenEye offers new guidance for companies to protect their data from pretexters
The RavenEye Defense Initiative is the latest service from the information security consulting company to help companies protect critical data
TAMPA, Fla. (Feb. 8, 2006) – RavenEye, a leading information security consulting company, announced today it will offer its clients new guidance to protect them from so-called “pretexters,” thieves who fraudulently obtain critical company data or records under the pretext of legitimate inquiries.
Joseph Kirkpatrick, RavenEye’s president, said his company’s new awareness and training initiative – dubbed the RavenEye Defense Initiative -- provides client companies with a number of aggressive new measures and tactics to protect them from the fraudulent pretexting attacks that are becoming disturbingly commonplace.
"Companies such as telecommunication, utilities, insurance and other providers with customer service capabilities are targets of these data thieves," Kirkpatrick said. “This new set of RavenEye services and strategies give companies important new weapons to help them defend against these threats.”
The new RavenEye package gives companies ways to detect pretext attacks, Kirkpatrick said. It also provides a number of training methods to better prepare company employees for when pretexter attacks actually take place. Employees often give out critical company information without realizing that they are being victimized by pretexters.
"The RavenEye Defense Initiative provides our clients with the means to assess their employees' propensity to comply with requests for private information,” Kirkpatrick said. “It also gives companies the tools they need to produce relevant training, giving them the ability to stay ahead of malicious thieves and hackers."
Other benefits of the RavenEye Defense Initiative, Kirkpatrick said, are forensic investigations, which help identify companies employing pretexting methods. The results of those forensic investigations can provide invaluable evidence in lawsuits or cease-and-desist actions.
Pretexters are at the information security forefront because Verizon Wireless, Cingular Wireless, Sprint Nextel and T-Mobile have all filed lawsuits against companies who use the fraudulent methods to gain access to customer call detail records.
Pretexting attacks are not new, but they are becoming more commonplace, Kirkpatrick said. For example, private investigators and attorneys have long used pretexting tactics to gain access to call detail records.
Consumer concerns about information privacy are at an all-time high, Kirkpatrick said. Companies are struggling to find new ways to guard against such attacks. The Gramm-Leach-Bliley Act made pretexting for financial information illegal in 1999, and in early February of this year the Cellular Telecommunications and Internet Association, the U.S. Telecom Association and the Electronic Privacy Information Center all testified on the issue in hearings before the House Energy and Commerce Committee.
The government needs to do more to help guard against pretexters, Kirkpatrick said, but he predicted that companies will always have to find new ways of their own to protect their valuable private data.
"There is no silver bullet for this vulnerability," he said. "Criminalizing the sale of call detail records is necessary, but it will only be another hurdle that the fraudsters will jump."
Based in Tampa, Fla., RavenEye provides information security consulting services for businesses seeking to verify compliance with federal and state information security laws. Certified information security professionals conduct independent assessments and audits to test policies, procedures and incident response in order to prevent information leaks and security breaches.