EmailSafety.net - MIT spam conference focuses on phishing

MIT spam conference focuses on phishing

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Recent News

BOSTON – At the fourth annual MIT Spam Conference held in Boston Tuesday, speakers said that while the volume of spam ebbs and flows, the nature of unwanted e-mail is steadily becoming more dangerous.

“The spam problem will get worse, and the reason is phishing,” says Bill Yerazunis, senior research scientist with Mitsubishi Electric Research Laboratories, and chairman of the conference. Yerazunis estimates between 20% and 30% of all spam messages are phishing attacks that attempt to trick recipients into giving away personal or financial information. “For people who aren’t ‘Net savvy, they could lose their retirement money,” he says.

The response rate for phishing e-mails is much higher than for spam, says Paul Judge, CTO of messaging security maker CipherTrust. So while spammers have to send more and more unsolicited e-mail these days, as anti-spam filters get better at identifying and blocking spam, phishing attacks are well enough disguised that a higher percentage get through such filters, and more recipients click on them, he says.

Not only is phishing dangerous for potential victims, but it is destroying large banks and other companies’ ability to communicate with their customers in the most effective way, Judge continues. “Some of the most powerful entities on earth can’t talk to their customers over e-mail” because phishing has corroded their customers’ trust, he says.

As one of the dozen companies, universities, and laboratories presenting papers at the MIT Spam Conference, CipherTrust focused its talk exclusively on the rising threat of phishing. The company on Tuesday announced its PhishRegistry.org site, a service designed to warn legitimate Web sites when they are being spoofed by phishers.

CipherTrust has developed technology that creates a digital fingerprint of a Web site suspected to be bogus, and of the site it is spoofing, and compares the two looking for a match, says Jonathan Zdziarski, research scientist at CipherTrust. Once a bogus site is identified, CipherTrust feeds that information into its Radar anti-phishing service and also posts a notice at PhishRegistry.org, which Zdziarski defines as a “neighborhood watch for your Web site.”

Fresh from an IETF meeting last week, Sendmail’s Chief Science Officer Eric Allman spoke about the progress being made with DomainKeys Identified Mail (DKIM), a sender-authentication proposal from Yahoo and Cisco that’s wending its way through the standards body, and how it can be used to fight phishing.

« Previous | 1 | 2 | Next »

Recent News:

· Google comes in fourth on top 10 list of spam enablers
· The CAN-SPAM Act as a warning
· The State of Spam: What to Expect in 2009
· Twitter hit with phishing scam
· Psychic predictions for tech in 2009

Site Map | Recent News | Related Sites