Feeds

Anti-phishing group backs email authentication

Still rising

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

A group attempting to stop the new scourge of phishing fraud on the Web says email authentication technology could do the job, a concept backed by Microsoft.

The Anti-Phishing Working Group (APWG), which includes Internet service providers (ISPs), banks and on-line retailers, said that 95 per cent of phishing attacks in May came from spoofed email addresses. Were technology that forces email senders to reveal their true identity to become common, it would be much harder for those behind the attacks to hide in the cyber shadows.

Phishing attacks are usually email based and they tend to consist of messages that lure users to fake corporate websites. Once on the real-looking but phoney site, users are prompted to enter sensitive information such as bank account details, PIN numbers or credit card information, leading to identity theft and financial loss.

In May, APWG members recorded a six per cent rise in new phishing attacks, amounting to 1,197 new incidents, with 848 cases targeting the financial services sector.

"As hackers, identity thieves, and virus writers continue to join forces, these attacks are increasing and becoming much more sophisticated - to the point of being literally indistinguishable from legitimate email, even for technically savvy recipients," said Dave Jevans, chairman of the Anti-Phishing Working Group and senior vice president at Tumbleweed Communications, which helps to carry out the survey. "This continues to pose a significant threat to the financial services and retail sectors."

The organisation noted that email authentication technology, if widely deployed, could go a long way in stopping phishing attacks. It's an idea that Microsoft backs and on Monday the software giant's top man, Bill Gates, issued an update on its plans in this area.

Gates said Microsoft would look to proliferate new technical standards for email authentication and added that the firm would work closely with service providers and law enforcement officials to help end spam, which is considered the infuriating but less dangerous predecessor of phishing emails.

"Since I sent a message to customers on this subject a year ago, we've made significant advances against spam," Gates said. "It's still a major problem - an invasion of privacy, a costly drain on time and resources and, as a carrier of worms and viruses, a significant threat to computer security. The good news is that billions of junk emails are being blocked every day, and spamming has become a more difficult and less rewarding business."

"Clearly, we must find additional ways to counter spam," he added, pointing to the recent creation of the Anti-Spam Technical Alliance as a step in the right direction. "Wide agreement on the need to check messages for signs of forgery is a key step toward eliminating a favourite spammers' trick - one used to defeat spam filters and entice unwary recipients into opening attachments that may contain harmful worms and viruses. Domain spoofing is involved in half of all of today's spam."

Specific technologies in the works include Microsoft's Sender ID standard, which verifies an e-mailer's Internet Protocol (IP) address, which is more difficult to fake, he said.

© ENN

Beginner's guide to SSL certificates

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
US government fines Intel's Wind River over crypto exports
New emphasis on encryption as a weapon?
To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow
While the NSA is tapping your PC, he's tapping ... nevermind
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Put down that shotgun: Wi-Fi's the way to beat Zombies
CreepyDOL sensors can pick walkers from humans with MAC snack attack
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.