Phishing Crackdown Fires Up

Tuesday, January 31, 2012 @ 04:01 PM gHale


Phishing attacks are getting more prevalent and more sophisticated and now 15 of the top technology companies in the world are saying enough. They started a phishing crackdown.

Google and Microsoft will work with companies like Paypal and the Bank of America, among others, to improve email authentication.

RELATED STORIES
Phishing Emails from US-CERT
Trojan Acts like Carrier IQ Tool
Scareware Meets Smartphones
Smartphone Users: Malicious Apps Abound

Phishing attacks typically involve scammers posing as familiar companies in an attempt to trick users into sharing personal information.

This coordinated effort aims to make this more difficult.

The Domain-based Message Authentication, Reporting and Conformance (DMarc) released plans to produce a “feedback loop” between email receivers and senders.

The initiative is the first significant attempt to bring together email and service providers along with key security organizations.

DMarc said this industry-wide involvement — which covers the receivers, senders and intermediaries of email use — will mean email providers will for the first time be able to reliably filter out unwanted emails, rather than use “complex and imperfect measurements” to determine threats.

It will mean an agreed standard for authenticating legitimate emails arriving at the inboxes of AOL, Gmail, Hotmail and Yahoo customers.

It will verify messages from Facebook, Paypal, American Greetings, Bank of America, Fidelity and LinkedIn.

“Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the internet as a whole,” said Paypal’s Brett McDowell, chair of DMarc.

“Industry co-operation, combined with technology and consumer education, is crucial to fight phishing.”

Email security firms Agari, Cloudmark, eCert, Return Path and Trusted Domain Project complete the collaboration.

More companies will join the open standard as it develops.

Paypal spokesman Rob Skinner explained how the initiative should make things easier for the most vulnerable part of the security chain: The human.

Fake emails are obvious to many users, but DMarc hopes to remove the risk of clicking completely

“Half the problem is, with the best will in the world and improving technology, ultimately it’s still down to the user to decide [to open an email],” he said. “The key point is trying to block emails from getting to someone’s inbox; taking the worry and concern out of people’s minds and doing it for them.”

As one of the Internet’s most ubiquitous payment companies, Paypal often finds itself impersonated by scammers.

“We’ve acknowledged it’s been an issue,” Skinner said. “We’ve had a stack of initiatives over the years to cut down on it. Fraudsters target any company that is well known, has a lot of customers, and operates across the globe. We recognize our responsibility to do something about it.”



Leave a Reply

You must be logged in to post a comment.