According to a report published by three academics from Harvard and Berkeley universities, a well-crafted phishing attack is almost impossible to spot for most users, and hence the rapid growth in phishing-related scams.
Consumer phishing attacks still far outnumber those specifically targeting businesses and institutions, but this news should not lull network security managers into a false sense of security, as we will undoubtedly witness an increase in this aspect of phishing in the months ahead.
Although not targeted directly as yet by phishing scams, commercial and public sector organizations are already suffering losses as a result of these attacks, as their brands and online assets are reused by spoof emails and counterfeit websites. With losses accruing in the form of brand deformation and fraudulent transactions, companies and institutions in the public eye must do everything within their power to minimize the impact of phishing on their customers and on their corporate image.
The aforementioned research, published by Messrs Dhamija, Tygar, and Hearst in 2006, provided us with the first real empirical evidence to suggest that many of the familiar security indicators in common use today are not effective when it comes to protecting users from phishing attacks. By studying phishing attacks dating back to 2003, the group identified three main dimensions along which attacks took place: lack of knowledge, visual deception, and lack of attention.
The participants in the phishing study ranged in age from 18 to 56, were students and university staff, and had varying levels of education. The tests revealed some interesting results, but the bottom line was as follows: a well-constructed phishing website was able to fool 90% of participants.
Web browsers, email clients, and computer operating systems designed for another age must continue to harden and evolve, and, ultimately, we the users must become aware of, and responsible for, our actions online. So, as the UK government-sponsored Get Safe Online website tells us: "There is no such thing as 'the internet police,'" and therefore individuals and organizations must look out for their own interests in cyberspace.
Source: OpinionWire by Butler Group (www.butlergroup.com)