Internet Giants Ready to Tackle Phishing
Posted by Adriana Tayraco on Tue, Jan 31, 2012
Mashable.com recently reported that Google, Yahoo, Microsoft and AOL have put their differences aside and come together to create DMARC.org (Domain-based Message Authentication, Reporting & Conformance). It will provide consistent authentication results across their email services: Gmail, Hotmail, Yahoo Mail and AOL.
What is interesting to note is that the Internet giants are all blaming the rise of phishing attacks on the growth of social media, among other factors. “With the rise of the social Internet and the ubiquity of e-commerce, spammers and phishers have a tremendous financial incentive to compromise user accounts, enabling theft of passwords, bank accounts, credit cards, and more,” reads an explanation on the group’s site. “Email is easy to spoof and criminals have found spoofing to be a proven way to exploit user trust of well-known brands. Simply inserting the logo of a well known brand into an email gives it instant legitimacy with many users.”
While social media has indeed opened up opportunities for cyber criminals to expand their attacks on unknown users, blaming social media is like blaming an entire university for a student’s failing marks; while it may be true that teachers can be incompetent, a student’s overall learning capability and willingness to learn are more likely to explain the problem. Internet users need to be educated about the many dangers and risks of social media. Companies also need to set up social media policies and training in order to avoid phishing attacks within their infrastructure.
Nevertheless, DMARC promises to be a great initiative. According to Dylan Sachs, Incident Response Manager at BrandProtect and a phishing and identity theft expert, “Assuming email senders comply with the configuration requirements, DMARC should definitely help reduce both the number of email-based malware infections as well as the losses associated with phishing attacks. SPF and DKIM have been in place for some time, but the inconsistency amongst email providers with regards to handling failed authentications has really limited their efficacy. This is not a "silver bullet", however: implementation of DMARC will not completely eliminate email as a delivery method for phishing and malware, and therefore continued vigilance in the fields of anti-phishing/anti-malware and user education is required for all involved parties.” He also recommends that you still avoid clicking on a bogus URL in an email; if you receive one from an institution you are doing business with, it is still a good idea to contact the institution or browse through their website to access the link.
For more information, read the entire article on Mashable’s website.
What are your thoughts? Do you think DMARC will work or will phishing always find its way through to your inbox? Let us know!