Phishing attacks, and cures, grow more sophisticated

Phishing is hooking more victims as the e-mail fraud attacks become more sophisticated and prevalent.

According to Gartner, the number of phishing e-mail recipients has grown 28 percent in 2005. Because fraudulent e-mails negatively impact consumer confidence, the research firm's recent study predicts phishing and other security breaches will inhibit three-year U.S. e-commerce growth rates by 1 percent to 3 percent.

Evidence of the growing cunning of the attacks came Friday from threat protection vendor SurfControl, which said it discovered a new "Secured Phishing" technique capable of displaying the trusted padlock security icon on a fake site.

SurfControl rated the new phishing method as high risk because the padlock icon displayed at the bottom corner of a browser is a widely accepted symbol of a safe and secure Web site.

The "Secured Phishing" method uses self-signed digital certificates to use the HTTPS security protocol, which triggers the padlock icon, on spoofed Web sites. Typically, Secure Sockets Layer digital certificates are issued by a certificate authority. Windows generates a warning when it encounters a self-signed certificate, but many Web users don't understand the warning or ignore it, according to SurfControl officials.

To protect against the new phishing method, individuals visiting financial sites that ask for personal information should look for a valid SSL certificate issued by a Trusted Certificate Authority. These sites will not prompt an alert dialog box, according to SurfControl.

Stepping up the technology fight against phishers, e-mail security company Iconix this week rolled out visual e-mail identification software to help Web users identify trusted e-mail senders. The company also introduced the Iconix Truemark service, which allows businesses to mark their e-mail messages as secure.

To combat phishing, technology solutions need to go beyond authentication, said Lance Tokuda, CTO and Vice President of Engineering at Iconix.

For example, "Yahoo Mail already does domain key authentication, but you can't tell what's authenticated," he said.

Iconix displays a businesses' real logo on an e-mail message, which provides consumers with a visual indication of a legitimate e-mail.

"For Iconix to display an icon next to a message, the sender's logo has to be a registered trademark," Tokuda said. "This is not something that phishers can spoof."

In particular, the mapping between the e-mail address and the logo is not spoofable, he said.

"If you are not a real business the identity call will fail," said Jeff Wilbur, vice president of marketing for Iconix.

Iconix technology supports both the Domain Keys and SenderID authentication standards.

The Iconix e-mail ID software is available now for Yahoo Mail and Microsoft Internet Explorer. In coming weeks and months support for Hotmail, Outlook and Outlook Express will be added. Support for Firefox, Gmail, Comcast, Earthlink and AOL is also planned.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Cathleen Moore

InfoWorld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?