EmailSafety.net - MIT researchers attack wireless shortcomings, phishing

MIT researchers attack wireless shortcomings, phishing

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Recent News

Page 2 of 2

The researchers found that users had all sorts of excuses for getting fooled. Some assumed that funky-looking URLs were the result of a company outsourcing its business. Others found it difficult to distinguish between fraudulent sites and "ordinary weirdness" of the Web, Miller said.

Given that phishing schemes are so tricky, Miller's team is concentrating its efforts on redesigning browsers so that a user's intentions are clear to them. In other words, if a user wants to go to the site of a certain retailer, the browser would confirm the real URL for the retailer rather than letting the user go to a similar-looking, but bogus site. Key to doing this is improving not just security but usability, as Miller noted that enough roadblocks have already been thrown in front of users -- in the name of security -- when they try to conduct transactions on the Web.

Miller described his team's Web wallet project, which features such concepts as showing a user a list of proposed sites to visit, enabling the user to choose the site he really wants to visit. The wallet would also provide the user a place to fill in his personal information, banning the user from putting such information directly into forms on Web sites. Miller and colleagues have conducted a study on the wallet that found it did cut down significantly on spoof rates using current phishing attacks (7% of Internet Explorer users in the study fell victim to spoofs while using the wallet, whereas 63% without the wallet fell for the scams). But Miller warned that when its group added in some new phishing scams, such as presenting users with a fake Web Wallet, the overall percentage of users duped rose to 29%.

Miller concluded that security solutions need to respect user goals since "they're going to try to plow ahead and achieve those goals despite what security software is trying to tell them." Making security part of the natural workflow is key, he said.

For the latest on network-oriented research at university and other labs, go to Network World’s Alpha Doggs blog.

« Previous | 1 | 2 | Next »

Recent News:

· Feds draw a bead on Russian behind Mega-D botnet
· Ransomware Attack Resurfaces to Hold Files Hostage
· Adobe Reader X Makes PDF Files Safer
· PayPal Users Beware of Holiday Phishing Scam
· McAfee Reports Malware at All-Time High

Site Map | Recent News | Related Sites