Monday, February 2, 2009

Phishing and Its Prevention Methods


Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. A typical method of phishing is the use of fraudulent e-mails and Web sites to lure consumers into sharing personal and financial information. Criminals are sending out millions of "urgent" e-mails trying to get unsuspecting consumers to divulge personal information such as their Social Security numbers or the passwords for their online accounts. Besides fraudulent e-mails, phishing also appears on popular social web sites (YouTube, Facebook, Windows Live Messenger) and auction sites (eBay), and messages claiming to come from online banks, online payment processors (PayPal) or IT administrators (Yahoo, ISPs) are commonly used to lure the unsuspecting.

Phishing can cause anything from denial of access to e-mail to substantial financial loss. It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately US$929 million. Experts have recommended several prevention methods to overcome phishing.

Browsers alerting users to fraudulent websites
Microsoft's IE7 browser, Mozilla Firefox 2.0, Safari 3.2, and Opera all contain this type of anti-phishing measure. Firefox 2 used Google anti-phishing software. Opera 9.1 uses live blacklists from PhishTank and GeoTrust, as well as live whitelists from GeoTrust.

Eliminating phishing mail
Specialized spam filters can reduce the number of phishing e-mails that reach their addressees' inboxes. These filters rely on machine learning and natural language processing techniques to classify e-mails as phishing or legitimate.
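To make the classification step concrete, here is a minimal multinomial naive Bayes bag-of-words filter of the kind such spam filters build on. This is an added example, not code from the original post or from any product named on it; the training messages are constructed samples, not real e-mails.

```python
import math
import re
from collections import Counter

# Constructed training samples (not real e-mails), labelled "phish" or "ham".
TRAINING = [
    ("phish", "URGENT: your account has been suspended. Verify your password at the link below within 24 hours."),
    ("phish", "Dear customer, unusual activity detected. Confirm your credit card details to restore access."),
    ("phish", "Security alert: update your login password now or your account will be closed."),
    ("phish", "Your PayPal account needs verification. Click here and enter your password immediately."),
    ("ham", "Hi team, the meeting notes from Monday are attached. Let me know if I missed anything."),
    ("ham", "Thanks for the report. Can we review the budget numbers on Thursday afternoon?"),
    ("ham", "Reminder: the office will be closed on Friday for the holiday. Enjoy the long weekend."),
    ("ham", "Here is the agenda for next week's project review, please add any items you want covered."),
]

def tokenize(text):
    """Lower-case alphabetic word tokens; crude, but enough for a bag-of-words model."""
    return re.findall(r"[a-z]+", text.lower())

class NaiveBayesPhishFilter:
    """Multinomial naive Bayes with Laplace (add-one) smoothing over word counts."""

    def __init__(self, samples):
        self.doc_count = Counter()                      # documents per label (class prior)
        self.word_count = {"phish": Counter(), "ham": Counter()}
        for label, text in samples:
            self.doc_count[label] += 1
            self.word_count[label].update(tokenize(text))
        self.vocab = set(self.word_count["phish"]) | set(self.word_count["ham"])
        self.total = {lab: sum(c.values()) for lab, c in self.word_count.items()}

    def log_posterior(self, label, text):
        """log P(label) + sum of log P(token | label); unseen tokens get the smoothed count 1."""
        score = math.log(self.doc_count[label] / sum(self.doc_count.values()))
        denom = self.total[label] + len(self.vocab)
        for tok in tokenize(text):
            score += math.log((self.word_count[label][tok] + 1) / denom)
        return score

    def classify(self, text):
        """Return the label with the higher log-posterior: 'phish' or 'ham'."""
        scores = {lab: self.log_posterior(lab, text) for lab in ("phish", "ham")}
        return max(scores, key=scores.get)

FILTER = NaiveBayesPhishFilter(TRAINING)

def classify_email(text):
    return FILTER.classify(text)
```

A real filter would add header and URL features and train on far more data; the scoring logic, however, is exactly this.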

Password Rescue
This approach was proposed by Dinei Florencio and Cormac Herley at Microsoft Research. First, it makes no attempt to prevent information leakage; rather, it tries to detect bad trust decisions and rescue users from their consequences. Second, it harnesses scale against the attacker instead of trying to solve the problem at each client. The scheme increases in efficiency with the scale of deployment: it offers very little protection if only a small fraction of users participate, but makes phishing almost impossible as the deployment grows.

Augmenting password logins
This is usually used by the banking industry. A bank's website asks users to select a personal image, and displays this user-selected image with any form that requests a password. Users of the bank's online services are instructed to enter a password only when they see the image they selected.

References:
http://en.wikipedia.org/wiki/Phishing
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci916037,00.html
