Anybody with an email address is likely to have countless amounts of phishing messages in their inbox, and they may not even realize it. This type of threat usually doesn’t come at you with the attention-grabbing headlines of advertising spam or the unbelievable plots attached to the fraudulent messages carrying Nigerian scams. In many cases, a phishing message doesn’t look much like spam at all, even though it is a well crafted plan to steal your money. Believe it or not, a large number of people have fallen victim to this clever scam so it is important that you know how to recognize and avoid it.
What is Phishing?
Phishing is a sophisticated scam based on social networking. Unlike other attacks where intruders rely on vulnerabilities in a server or website application, these scam artists would prefer that the system remain intact. Instead, they look for vulnerabilities in the actual person themselves, hoping they can find someone who is trusting enough to believe the alarming message in their inbox and respond or follow the provided link.
There are essentially two types of phishing. One approach involves a scam artist sending you an email and purporting as a representative of an institution you do business with. This could be any type of company from a bank to someone pretending to be affiliated with PayPal or eBay. They will inform you that there is problem with your existing account and that your login credentials are needed to fix it.
The second approach is similar yet distinct from the method above. A phony representative attempts to alarm you by stating that there is a problem with your account. However, they don’t ask for you to respond with your login credentials, but simply follow the provided link so they can either verify your personal information or correct the problem. After clicking the link, you are not redirected to an official online banking or PayPal website, yet a rogue site that looks strikingly similar, so much that distinguishing it from the real deal might be difficult. Upon entering the requested information, you are essentially handing over the keys to your valuable assets and possibly your identity.
So, what role will DomainKeys play in the fight against phishing? As a product owned by Yahoo and integrated into its web-based mail system, the technology will help to protect you against email scams in the following ways:
Website owners register their Domain Name Servers with the DomainKeys system from which emails are required to be transmitted from a registered server.
DomainKeys incorporates an additional header to message, identifying the sender’s domain name server to verify where the message originated.
The message is then verified by the web-based mail system which analyzes the header to ensure that it originates from where it claims. If the header isn’t validated, the message is automatically sent to a spam folder.
Yahoo has been working to push DomainKeys as a standard for web-based anti-phishing for sometime now. With Gmail recently picking up the technology, it’s very likely that it will become standardized in the very near future. Unfortunately, internet criminals are quite persistent and seem to find a way around the most efficient security mechanisms. Whether you use a free web-based mail system by Yahoo, Gmail or through your own website, the best advice is to never respond to a suspicious email or click on any links. If a message appears legitimate, contact the company personally and speak with an official representative. This will determine if someone was trying to bait you with a phishing scam.