EmailSafety.net - Phishing steals spotlight at MIT Spam Conference

Phishing steals spotlight at MIT Spam Conference

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Recent News

Page 2 of 2

Another company, MarkMonitor, attempts to identify potential phishing sites by these sites' domain names. The company, which is a domain registrar, provides a service that looks for newly registered or altered sites with domain names that are close to legitimate domain names, such as bankofamerica1. com, says Chuck Drake, senior vice president of fraud solutions.

Advance notice of a potential phishing scam lets MarkMonitor's customers work to shut down the fraudulent site through claims such as brand infringement, Drake said. If a phishing attack does happen, MarkMonitor's service also shuts down the fake site by contacting the site's ISP and presenting evidence of fraud.

This week MarkMonitor plans to announce a service called Phishing Readiness and Response, designed to bring these services to small and midsize financial institutions that may not have staff dedicated to fraud detection and prevention. The company says between July 2005 and January 2006 phishing attacks that target institutions with less than $500 million in assets jumped from 1% to 6% of all phishing attacks.

Sender authentication is another technology thought to be effective in preventing phishing, although it hasn't been widely adopted.

Fresh from an IETF meeting last month, Sendmail's Chief Science Officer Eric Allman spoke at the MIT conference about the progress being made with Domain Keys Identified Mail (DKIM), a sender-authentication proposal from Yahoo and Cisco that's wending its way through the standards body, and how it can be used to fight phishing.

While DKIM isn't a cure-all for spam and phishing, it presents an effective way for signers to assert that they really did process messages, and to hold them responsible. But DKIM and other authentication approaches won't work in a vacuum, he said. "We need to use authentication as input to a larger system; it's one part of a big toolbox," Allman said. "If something is authenticated that doesn't necessarily mean that it's good."

Another way to fight phishing is through public awareness. In preparation for tax season, the IRS last week announced an e-mail address - phishing@irs.gov - where residents can forward bogus messages claiming to be from the IRS.

« Previous | 1 | 2 | Next »

Recent News:

· The State of Spam: What to Expect in 2009
· Twitter hit with phishing scam
· Psychic predictions for tech in 2009
· Watch out for hidden cookies
· Microsoft downplays Windows Media Player bug

Site Map | Recent News | Related Sites