Feeds

Anti-phishing group backs email authentication

Still rising

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

A group attempting to stop the new scourge of phishing fraud on the Web says email authentication technology could do the job, a concept backed by Microsoft.

The Anti-Phishing Working Group (APWG), which includes Internet service providers (ISPs), banks and on-line retailers, said that 95 per cent of phishing attacks in May came from spoofed email addresses. Were technology that forces email senders to reveal their true identity to become common, it would be much harder for those behind the attacks to hide in the cyber shadows.

Phishing attacks are usually email based and they tend to consist of messages that lure users to fake corporate websites. Once on the real-looking but phoney site, users are prompted to enter sensitive information such as bank account details, PIN numbers or credit card information, leading to identity theft and financial loss.

In May, APWG members recorded a six per cent rise in new phishing attacks, amounting to 1,197 new incidents, with 848 cases targeting the financial services sector.

"As hackers, identity thieves, and virus writers continue to join forces, these attacks are increasing and becoming much more sophisticated - to the point of being literally indistinguishable from legitimate email, even for technically savvy recipients," said Dave Jevans, chairman of the Anti-Phishing Working Group and senior vice president at Tumbleweed Communications, which helps to carry out the survey. "This continues to pose a significant threat to the financial services and retail sectors."

The organisation noted that email authentication technology, if widely deployed, could go a long way in stopping phishing attacks. It's an idea that Microsoft backs and on Monday the software giant's top man, Bill Gates, issued an update on its plans in this area.

Gates said Microsoft would look to proliferate new technical standards for email authentication and added that the firm would work closely with service providers and law enforcement officials to help end spam, which is considered the infuriating but less dangerous predecessor of phishing emails.

"Since I sent a message to customers on this subject a year ago, we've made significant advances against spam," Gates said. "It's still a major problem - an invasion of privacy, a costly drain on time and resources and, as a carrier of worms and viruses, a significant threat to computer security. The good news is that billions of junk emails are being blocked every day, and spamming has become a more difficult and less rewarding business."

"Clearly, we must find additional ways to counter spam," he added, pointing to the recent creation of the Anti-Spam Technical Alliance as a step in the right direction. "Wide agreement on the need to check messages for signs of forgery is a key step toward eliminating a favourite spammers' trick - one used to defeat spam filters and entice unwary recipients into opening attachments that may contain harmful worms and viruses. Domain spoofing is involved in half of all of today's spam."

Specific technologies in the works include Microsoft's Sender ID standard, which verifies an e-mailer's Internet Protocol (IP) address, which is more difficult to fake, he said.

© ENN

Intelligent flash storage arrays

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Shellshock over SMTP attacks mean you can now ignore your email
'But boss, the Internet Storm Centre says it's dangerous for me to reply to you'
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.