
Phishing Steals Spotlight at MIT Conference

Bob Brown writes "Companies are coping with spam, but phishing is another matter altogether, according to researchers at the annual MIT Spam Conference this week. From the article: 'The response rate for phishing e-mails is much higher than for spam, says Paul Judge, CTO of messaging security maker CipherTrust. So while spammers have to send more and more unsolicited e-mail these days, as anti-spam filters get better at identifying and blocking spam, phishing attacks are well enough disguised that a higher percentage get through such filters, and more recipients click on them, he says.'"

  • by WyrdOne ( 96731 ) on Friday March 31, 2006 @06:10PM (#15037639)
    http://reportphish.org/ [reportphish.org]

    Also, those of you who use GMail, there is a "Report Phishing" option under "More Options"
  • Temporary e-mail (Score:5, Informative)

    by Dekortage ( 697532 ) on Friday March 31, 2006 @06:22PM (#15037724) Homepage

    From the article: Among these were a proposal to improve Bayesian filter accuracy, a system for generating temporary e-mail addresses so that a person's preferred address doesn't have to be given out, spam filters based on adaptive neural networks, a new message-verification platform. (emphasis added)

    This is called "keyed e-mail". I have used a keyed email system from Zoemail [zoemail.com] in the past and it works very, very well for this purpose. There is some extra time required for managing the keys, but the idea works great for me. (and no I do not work for them... I just think the technology works.)

  • by fortinbras47 ( 457756 ) on Friday March 31, 2006 @06:32PM (#15037807)
    The technology is there (PGP etc.) but as far as I can tell, hardly anyone besides comp security lists use it.

    If you visit a website and initiate an SSL session, the public-private key cryptography (along with the public root certificates embedded in your browser) will verify that the website you're visiting is really who they say they are. (Or at least that Verisign thinks they are legit.)

    I don't see why companies don't make a similar effort to cryptographically authenticate their e-mail. People use PGP for security advisories etc., but I don't understand why all e-mail coming from my bank, coming from PayPal etc. shouldn't be signed.

    If there was a portion of your e-mail window at the bottom right hand of your screen that said stuff like:
    "This is an authentic e-mail from BankOfBlanBlah signed on 3/31/06 at 3:52PM" or "This is an unsigned e-mail. It is possible that this e-mail is fraudulent." or "This e-mail has an incorrect signature. It is highly possible that its contents are fraudulent."

    My rough guess is that e-mail authentication isn't done because (1) programmers are lazy and sending plain text is easier to program and (2) the way you do e-mail auth in e-mail clients is all different and a huge mess from a usability standpoint.

    It might put at least a dent in some of this phishing stuff if people expected all e-mail from eBay, PayPal, their bank, Amazon etc. to be signed.
