What is Phishing?

Phishing is a sophisticated scam based on social networking.  Unlike other attacks where intruders rely on vulnerabilities in a server or website application, these scam artists would prefer that the system remain intact.   Instead, they look for vulnerabilities in the actual person themselves, hoping they can find someone who is trusting enough to believe the alarming message in their inbox and respond or follow the provided link.

There are essentially two types of phishing.  One approach involves a scam artist sending you an email and purporting as a representative of an institution you do business with.  This could be any type of company from a bank to someone pretending to be affiliated with PayPal or eBay.  They will inform you that there is problem with your existing account and that your login credentials are needed to fix it.

The second approach is similar yet distinct from the method above.  A phony representative attempts to alarm you by stating that there is a problem with your account.  However, they don’t ask for you to respond with your login credentials, but simply follow the provided link so they can either verify your personal information or correct the problem.  After clicking the link, you are not redirected to an official online banking or PayPal website, yet a rogue site that looks strikingly similar, so much that distinguishing it from the real deal might be difficult.  Upon entering the requested information, you are essentially handing over the keys to your valuable assets and possibly your identity.

So, what role will DomainKeys play in the fight against phishing?  As a product owned by Yahoo and integrated into its web-based mail system, the technology will help to protect you against email scams in the following ways:

Website owners register their Domain Name Servers with the DomainKeys system from which emails are required to be transmitted from a registered server.

DomainKeys incorporates an additional header to message, identifying the sender’s domain name server to verify where the message originated.

The message is then verified by the web-based mail system which analyzes the header to ensure that it originates from where it claims.  If the header isn’t validated, the message is automatically sent to a spam folder.

Yahoo has been working to push DomainKeys as a standard for web-based anti-phishing for sometime now.  With Gmail recently picking up the technology, it’s very likely that it will become standardized in the very near future.  Unfortunately, internet criminals are quite persistent and seem to find a way around the most efficient security mechanisms.  Whether you use a free web-based mail system by Yahoo, Gmail or through your own website, the best advice is to never respond to a suspicious email or click on any links.  If a message appears legitimate, contact the company personally and speak with an official representative.  This will determine if someone was trying to bait you with a phishing scam.

Related posts:

• November 28, 2011 – Bit-Defender Internet Security Review
• November 21, 2011 – The WePay Surge: Why They May Dethrone PayPal
• September 23, 2011 – A Look at Various Anti-Spam Packages
• September 4, 2011 – Spam Assassin – Your Savior From Spam
• June 29, 2011 – How to Conduct a Background Check for Web Hosting Providers
• June 20, 2011 – eCommerce Shop for Specialized Web Hosting
• May 5, 2011 – Creating a Website in Niche Marketplaces
• April 13, 2011 – Using Captcha Scripts to Prevent Spam
• March 9, 2011 – Adjusting Product Catalogs and Shopping Carts for Higher eCommerce Conversions
• March 3, 2011 – Three Ways Web Hosting Providers Secure E-Commerce Transactions

NTTA (NTTA America) Inc., wholly owned subsidiary of web hosting and services company NTT Communications, is set to discuss its latest white paper on network security.  The white paper focuses on the increasing number and development of network attacks, the impact of “silent threats” and how both small and large networks can help to mitigate these growing problems.  The paper is set to be presented by Darren Grabowski, manager of NTT American Security and Abuse Team, on December 1 at the IEEE Globecom 2008 conference in New Orleans.  The white paper will be publicly available at NTT America’s website starting on December 3.

Grabowski states that spam, phishing, malicious software and DDoS attacks are all growing problems that just are not going to go away.  He says that small and large networks must work cohesively to deploy monitoring systems and report their findings to mitigate these threats.  Grabowski ended by remarking that most companies already have such tools incorporated into their networks, saying that more of them simply need to invest a small amount of time and effort into using these mechanisms and protecting themselves in a more proactive manner.

The firm is presenting the white paper as a part of a broader initiative spearheaded by NTT’s Dr. Kazuhiko Ohkubo.  Along with other panelists, Ohkubo will be introducing comprehensive approaches in regard to better security in advanced telecommunications networks, basing new service creations on the ring of trust and secure ROI management.

Aptly titled “The Silent Threat”, the white paper touches on how millions of computers connected to the internet are being compromised at an alarming rate.  It also reveals how a single botnet initiation has the ability to enslave thousands of machines, abuse the internet infrastructure and cause financial havoc.  The white paper outlines the measures small and large networks can take to mitigate these common threats simply by utilizing many of the tools they already have in place.  Darren Grabowski believes such measures will prevent attacks while keeping expenses at a minimum.

The NTT America Security and Abuse Team has the task of responding to security and abuse issues such as spam, port scanning, malware, DDoS attacks and across NTT’s entire Global IP Network.  They are also responsible for consistently monitoring the network, utilizing a number of tools such as those that look for trends in bandwidth consumption in comparison to legitimate traffic, as minimal consumption often shows signs of a silent threat.

As a U.S. subsidiary of NTT Communications Corporation, NTT America acts as North America’s gateway to the Asia-Pacific region.  It provides world-class IP networking services, managed network and enterprise hosting solutions to customers and service providers throughout the world.

Related posts:

• January 13, 2009 – How to Find Secure Shared Hosting
• December 14, 2011 – Avira Antivirus Features
• November 17, 2011 – Clickjacking: What is it and How You Can Protect Yourself?
• July 21, 2011 – How to Combat a DDoS Attack
• March 2, 2011 – The Release of the February 2011 Email Security Report
• December 24, 2010 – The Overlooked Connection Between Computer Viruses and Site Security
• May 18, 2010 – How to Find a Secure Web Hosting Company
• March 11, 2010 – Top 3 Important Aspects of Web Hosting Security
• December 15, 2009 – The Top 3 Web Hosting Security Issues
• August 11, 2009 – Bursting Five Managed Hosting Misconceptions