Phishing attacks, and cures, grow more sophisticated

Phishing is hooking more victims as the e-mail fraud attacks become more sophisticated and prevalent.

According to Gartner, the number of phishing e-mail recipients has grown 28 percent in 2005. Because fraudulent e-mails negatively impact consumer confidence, the research firm's recent study predicts phishing and other security breaches will inhibit three-year U.S. e-commerce growth rates by 1 percent to 3 percent.

Evidence of the growing cunning of the attacks came Friday from threat protection vendor SurfControl, which said it discovered a new "Secured Phishing" technique capable of displaying the trusted padlock security icon on a fake site.

SurfControl rated the new phishing method as high risk because the padlock icon displayed at the bottom corner of a browser is a widely accepted symbol of a safe and secure Web site.

The "Secured Phishing" method uses self-signed digital certificates to use the HTTPS security protocol, which triggers the padlock icon, on spoofed Web sites. Typically, Secure Sockets Layer digital certificates are issued by a certificate authority. Windows generates a warning when it encounters a self-signed certificate, but many Web users don't understand the warning or ignore it, according to SurfControl officials.

To protect against the new phishing method, individuals visiting financial sites that ask for personal information should look for a valid SSL certificate issued by a Trusted Certificate Authority. These sites will not prompt an alert dialog box, according to SurfControl.

Stepping up the technology fight against phishers, e-mail security company Iconix this week rolled out visual e-mail identification software to help Web users identify trusted e-mail senders. The company also introduced the Iconix Truemark service, which allows businesses to mark their e-mail messages as secure.

To combat phishing, technology solutions need to go beyond authentication, said Lance Tokuda, CTO and Vice President of Engineering at Iconix.

For example, "Yahoo Mail already does domain key authentication, but you can't tell what's authenticated," he said.

Iconix displays a businesses' real logo on an e-mail message, which provides consumers with a visual indication of a legitimate e-mail.

"For Iconix to display an icon next to a message, the sender's logo has to be a registered trademark," Tokuda said. "This is not something that phishers can spoof."

In particular, the mapping between the e-mail address and the logo is not spoofable, he said.

"If you are not a real business the identity call will fail," said Jeff Wilbur, vice president of marketing for Iconix.

Iconix technology supports both the Domain Keys and SenderID authentication standards.

The Iconix e-mail ID software is available now for Yahoo Mail and Microsoft Internet Explorer. In coming weeks and months support for Hotmail, Outlook and Outlook Express will be added. Support for Firefox, Gmail, Comcast, Earthlink and AOL is also planned.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Cathleen Moore

Show Comments

Brand Post

Imou: At home with security

Modern living is all about functionality and security for everybody from the very young to the very old. With Imou anybody can enjoy smart life – the solution is at their fingertips.

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?