EmailSafety.net - Phishing steals spotlight at MIT Spam Conference

Phishing steals spotlight at MIT Spam Conference

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Recent News

While the volume of unwanted e-mail ebbs and flows, the nature of unwanted e-mail is steadily becoming more dangerous, say spam experts.

Advances in anti-spam technology and increased use of these products are delivering somewhat cleaner in-boxes and less-annoyed e-mail users, experts say. But no technology has been developed that can effectively protect e-mail users from phishing attacks that steal personal and financial information, and until this form of fraud can be detected and blocked, unwanted e-mail remains a threat.

"The spam problem will get worse, and the reason is phishing," said Bill Yerazunis, senior research scientist with Mitsubishi Electric Research Laboratories, and chairman of the MIT Spam Conference, which held its fourth meeting in Cambridge, Mass., last week. Yerazunis estimates 20% to 30% of all spam messages are phishing attacks. "For people who aren't 'Net savvy, they could lose their retirement money," he said.

The response rate for phishing e-mails is higher than for spam, said Paul Judge, CTO of messaging security maker CipherTrust. So while spammers have to send more unsolicited e-mail, as anti-spam filters get better at identifying and blocking spam, phishing attacks are well enough disguised that a higher percentage of recipients click on them, he said.

Not only is phishing dangerous for potential victims, it is destroying banks' and other companies' ability to communicate with their customers in the most effective way, Judge continued. "Some of the most powerful entities on earth can't talk to their customers over e-mail" because phishing has corroded their customers' trust, he said.

As one of the dozen companies, universities and laboratories presenting papers at the MIT Spam Conference last week, CipherTrust focused its talk on the rising threat of phishing. The company last week also announced PhishRegistry.org, a service designed to warn legitimate Web sites when they are being spoofed by phishers.

Anti-spam products that filter content aren't able to catch phish because the actual theft doesn't happen in e-mail, but at the forged Web site that a phishing message sends recipients to, said Jonathan Zdziarski, research scientist at CipherTrust. The company has developed technology that creates a digital fingerprint of a Web site suspected to be bogus, and of the site it is spoofing, and compares the two.

Once a bogus site is identified, CipherTrust feeds that information into its Radar anti-phishing service and posts a notice at PhishRegistry. org, which Zdziarski defines as a "neighborhood watch for your Web site."

« Previous | 1 | 2 | Next »

Recent News:

· McColo takedown: Vigilantism or Neighborhood Watch?
· Spam drop could boost Trojan attacks
· Hosting firm shutdown forces botnets to relocate
· ISP cut off from Internet after security concerns
· Spam plummets after hosting service shuttered

Site Map | Recent News | Related Sites