Feeds

Anti-phishing group backs email authentication

Still rising

  • alert
  • submit to reddit

Boost IT visibility and business value

A group attempting to stop the new scourge of phishing fraud on the Web says email authentication technology could do the job, a concept backed by Microsoft.

The Anti-Phishing Working Group (APWG), which includes Internet service providers (ISPs), banks and on-line retailers, said that 95 per cent of phishing attacks in May came from spoofed email addresses. Were technology that forces email senders to reveal their true identity to become common, it would be much harder for those behind the attacks to hide in the cyber shadows.

Phishing attacks are usually email based and they tend to consist of messages that lure users to fake corporate websites. Once on the real-looking but phoney site, users are prompted to enter sensitive information such as bank account details, PIN numbers or credit card information, leading to identity theft and financial loss.

In May, APWG members recorded a six per cent rise in new phishing attacks, amounting to 1,197 new incidents, with 848 cases targeting the financial services sector.

"As hackers, identity thieves, and virus writers continue to join forces, these attacks are increasing and becoming much more sophisticated - to the point of being literally indistinguishable from legitimate email, even for technically savvy recipients," said Dave Jevans, chairman of the Anti-Phishing Working Group and senior vice president at Tumbleweed Communications, which helps to carry out the survey. "This continues to pose a significant threat to the financial services and retail sectors."

The organisation noted that email authentication technology, if widely deployed, could go a long way in stopping phishing attacks. It's an idea that Microsoft backs and on Monday the software giant's top man, Bill Gates, issued an update on its plans in this area.

Gates said Microsoft would look to proliferate new technical standards for email authentication and added that the firm would work closely with service providers and law enforcement officials to help end spam, which is considered the infuriating but less dangerous predecessor of phishing emails.

"Since I sent a message to customers on this subject a year ago, we've made significant advances against spam," Gates said. "It's still a major problem - an invasion of privacy, a costly drain on time and resources and, as a carrier of worms and viruses, a significant threat to computer security. The good news is that billions of junk emails are being blocked every day, and spamming has become a more difficult and less rewarding business."

"Clearly, we must find additional ways to counter spam," he added, pointing to the recent creation of the Anti-Spam Technical Alliance as a step in the right direction. "Wide agreement on the need to check messages for signs of forgery is a key step toward eliminating a favourite spammers' trick - one used to defeat spam filters and entice unwary recipients into opening attachments that may contain harmful worms and viruses. Domain spoofing is involved in half of all of today's spam."

Specific technologies in the works include Microsoft's Sender ID standard, which verifies an e-mailer's Internet Protocol (IP) address, which is more difficult to fake, he said.

© ENN

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?