When we think of the victim in a phishing attack, we think of the unfortunate email recipient that has fallen for a ruse and has given away their sensitive information or downloaded malware to their computer. But there's often another victim in a phishing attack: the company whose brand has been usurped for the purpose of delivering a convincing message, albeit an illegitimate one.
Think of the PayPals, the UPSs and the Citibanks of the world -- the companies whose reputations suffer every time some cybercriminal spoofs a message so that it appears to come from them, businesses the recipient knows and trusts. According to the Anti-Phishing Working Group, an average of 418 companies had their good names besmirched as part of a phishing attempt each month in the last quarter of 2012. Perhaps your own company was among them.