Another anti-phishing initiative

Jun 24th, 2004


There’s an article about a MasterCard program which combats phishing. I’ve got to say that I’m not that impressed by this kind of approach to combating phishing.
If what’s in the article is accurate, it basically amounts to looking through content from the entire Internet for potential phishing scams and then shutting them down when they’re found... This approach just strikes me as far too reactionary and prone to missing things. I would expect that currently a phishing scam will make most of its money in the first 24 hours of its operation, and I’ll be a little surprised if MasterCard’s approach will be effective in shutting down these scams in that time frame.
There are other ways to combat this kind of attack (I linked to one before). Another option would be 2-stage authentication by the service provider, where the user enters initial credentials, then the site responds with a secret (be it a phrase, word or fact about the user’s account) and asks for a secondary authentication. In this model the phisher will be able to get the initial credentials but will have a significantly lower rate at getting the secondary ones (of course some social engineering would still get some credentials out of people, I’m sure).
Personally I think that this kind of system, or more probably, some form of 2-factor authentication will be the best way to combat these attacks. If running around stomping on sites as they popped up worked well, I’m sure we’d have considerably less spam and viruses doing the rounds...
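
The 2-stage exchange described above, sketched as an added example (not code from the article or from any MasterCard program). It assumes the initial credential is a username, the site's secret is a phrase chosen at registration, and the secondary authentication is a password; all function names and sample values are hypothetical.

```python
import hashlib, hmac, os, secrets

# Constructed sample data: none of these names or values come from the article.
DECOY_KEY = os.urandom(32)   # server-side key used to pick decoy phrases
DECOYS = ["blue heron", "quiet harbour", "amber lantern", "stone bridge"]
USERS = {}                   # username -> stored record
PENDING = {}                 # stage-one token -> username

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def register(username, password, phrase):
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "pw": _hash(password, salt), "phrase": phrase}

def stage_one(username):
    """Initial credential in; the site's secret and a one-time token out."""
    token = secrets.token_urlsafe(16)
    PENDING[token] = username
    user = USERS.get(username)
    if user:
        return token, user["phrase"]
    # Unknown name: answer with a stable decoy so this stage does not
    # reveal which usernames exist.
    digest = hmac.new(DECOY_KEY, username.encode(), hashlib.sha256).digest()
    return token, DECOYS[digest[0] % len(DECOYS)]

def stage_two(token, password):
    """Secondary authentication, accepted only after stage one."""
    username = PENDING.pop(token, None)   # each token is single use
    user = USERS.get(username)
    if user is None:
        _hash(password, b"\0" * 16)       # spend similar time on failures
        return False
    return hmac.compare_digest(user["pw"], _hash(password, user["salt"]))

def user_continues(shown_phrase, expected_phrase):
    """The user's half of the check: go on only if the phrase is their own."""
    return hmac.compare_digest(shown_phrase.encode(), expected_phrase.encode())
```

The protection rests on `user_continues`: a page that cannot show the user's own phrase gives them a reason to stop before the secondary credential is typed.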
