Internet protection needs enhancing
The industry needs to increase its defences against phishing to counter this new threat. This can be done at three levels:
The main security vendors are developing Internet monitoring activities to detect the sources of malware and traffic patterns associated with phishing and spam attacks. These activities are focused against high-volume attacks, while in-session phishing is a more targeted strategy. The dialogue between the victims browser and the phishing site is a potential tell-tale sign that might be detectable, but this will require enhancements to current tools and processes. Security suppliers should look at how they can improve their detection capabilities.
It is very difficult to educate large user communities, and it is particularly difficult when the users are not employed by or controlled by the organisation hosting the website. We therefore need a multi-faceted approach to current and future threats, with the maximum amount of support from the technology in the infrastructure.
Sign up for Computerworld eNewsletters.