Browser Protection Inadequate in Blocking Phishing Sites
Popular browsers, despite their anti-phishing features, are unable to reduce the outbreaks of e-mails designed to steal personal information, as reported by SC Magazine on June 20, 2007.
Blacklists in both the Internet Explorer 7 and Firefox 2.0 browsers alert users who are about to visit websites previously identified as phishing sites. Popular browsers have used blacklists for a long time. But the latest technique tries to protect Windows users more dynamically. It uses a positive identifying pointer to legitimate sites, and the process leaves no room for social engineering tactics.
Several online vendors are using images and shared secrets to address the authentication problem. This frees companies and end users from the identification burden while putting the validation straight onto their desktops.
Although the suppliers of browser protection claim they are successfully blocking phishing attacks, in reality there has been no reduction in the volume of phishing e-mails so far, said David Jevans, chairman of the Anti-Phishing Working Group (APWG) and CEO of security firm IronKey, at a meeting in San Francisco, as reported by SC Magazine on June 20, 2007.
But fraudsters have become wiser about blacklists. They now register a fresh domain for each phishing scam. The result is a recorded burst of a huge number of phishing domains. APWG records show that the number of such domains increased to 37,438 in May 2007 from 11,976 twelve months earlier, said Jevans.
Certainly the trend is not appreciable, Jevans said. SC Magazine published this on June 20, 2007. By registering a different domain for every phishing attack, the criminal gains enough time, between dispatching his e-mail messages and the blacklisting of the site, to steal the information.
However, in the short term, browser vendors can counter the practice by deploying heuristic systems that assess the activity on a website and flag any doubtful pages to the surfer, advises Jevans.
A long-term solution, however, could be to establish a new system that would authenticate both websites and e-mails, suggests Jevans. But that would need the co-operation of the key ISPs, software vendors and hosting agencies.
» SPAMfighter News - 03-07-2007