SiteKey tries to counter phishing - Network World

Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Security

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

BitTorrent blocking; SQL injection attack. Listen now!

Network World 360

Hacker writes Cisco rootkit; Microsoft launches online telescope. Listen now!

Network World 360

Additional Resources

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

Discover how to Create an Orchestrated Data Center through Virtualization Novell

IT professionals like the idea of consolidating hundreds of servers into only a few, but it takes a lot more to cost effectively consolidate and virtualize servers. Watch this six-chapter webcast, "Reduce Complexity and Cost - Windows Server Consolidation with Virtualization" to learn how to effectively consolidate your Windows environment. One of the themes explored includes the characteristics of an orchestrated data center, which includes: Resource management, dynamic provisioning, job management, policy management, accounting and auditing and real-time availability. Learn more about orchestration and much more today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

it's ture, at least for the time being, people living in china cann't access to blogspot, wikipedia(the...- someone_who_s_in_china

Join the Discussion

SiteKey tries to counter phishing

* How SiteKey's anti-phishing method works
Security Strategies Alert By M. E. Kabay , Network World , 04/03/2007
Sign up for this newsletter now!
  • Social Web 
  • Email 
  • Feedback 
  • Close

The Anti-Phishing Working Group (APWG) continues to publish its regular reports on phishing, the practice of sending potential victims misleading e-mail messages directing them to fraudulent Web sites that look like official Web pages, usually for financial institutions such as PayPal or e-commerce sites such as eBay.

The APWG Phishing Trends Activity Report for December 2006 is full of startling details. For example, did you know that in December, there were 23,787 unique phishing reports to the group? That there were 28,531 unique sites involving 146 unique brands hijacked by criminals (of which 16 comprised the top 80%)? Another interesting result was the graph on the top 10 countries hosting phishing sites: No. 1 was the U.S. (25%), followed by the Republic of (South) Korea (16%) and then China (14%) for a total of about 55% of all the sites in the world.

I performed a simple parametric linear regression of phishing reports against month; the growth in the period studied was about 888 additional reports per month, and the regression was statistically significant {the F-test with [1,11] degrees of freedom for the analysis of variance was 19.035 (p = 0.0011)}.

Recently I ran into an interesting anti-phishing method that can be applied to any Web site. The method came to my attention when my old MBNA Visa card was transferred to Bank of America (BoA). When I signed up for online payments of my Visa bills (I hate sending paper checks by mail), I had to go through a novel registration process involving something called a SiteKey.

It seems that in mid 2005, BoA announced that it would use SiteKey in the hope of reducing the effectiveness of phishing attacks. Basically, SiteKey tries to authenticate a Web site to the user.

The method starts by having the user register as one would expect, with user identification and user authentication codes. However, SiteKey then presents the user with a large number of possible images in many categories (animals, sports and so on) from which the user chooses a memorable picture.

1 | 2 |  Next >
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code