Technology against Phishing Needs to be Blended with User-Education
Security company Trusteer recently conducted an experiment showing that a phishing scam can fool even an extremely wary Internet user. Taking a sample of 100 individuals who had accounts on the social-networking website LinkedIn, Trusteer sent them e-mails closely resembling the regular messages received from LinkedIn. The result: almost 70% of the individuals were deceived. Security published this on April 15, 2011.
Despite constant explanations of phishing attacks and warnings against them, people continue to become victims. Security professionals are generally able to explain what users should look for to stay safe and how to avoid being victimized, yet people still fall victim.
In the experiment, Trusteer, operating under a new identity, sent a bogus employment alert to the selected individuals. The company explained that because LinkedIn issues an alert whenever one of a user's contacts has a new job, it decided to use that update mechanism to craft the fake e-mail. For each of the 100 individuals it selected one of their contacts and told them that this contact was now employed at a firm that was a direct rival of the recipient's own firm, the company elaborated. SCMagazine published this on April 15, 2011.
Trusteer further explained that it included a link, "View [contact's name] new Title", along with the contact's photograph. Clicking the link led to a landing page that was not LinkedIn's. The landing page was not harmful either; it merely stood in for a potentially malicious site that would load malware onto visiting PCs, Trusteer continued.
Within 24 hours of receiving the e-mail, 41 of the individuals in the experiment had fallen for the con, and within 7 days, 68, suggesting an enormous return for the criminals had it been a genuine attack.
Nevertheless, technology, although beneficial, will not stop people from falling victim to phishing scams. It would possibly be better to combine technology with fundamental user education, since phishing scams succeed by eluding technology and exploiting human nature.
Besides, Trusteer suggests that enterprises re-evaluate their approach to phishing attacks, as these pose an extreme danger to their day-to-day operations.
» SPAMfighter News - 22-04-2011