Phishing Threats: DMARC standard to fight domain spoofing in phishing mails

Saturday, February 4, 2012

DMARC standard to fight domain spoofing in phishing mails

Realizing the rising threat of phishing mails, the email providers and Facebook as also Paypal and Bank of America along with others are teaming up to fight phishing threats. http://searchenginewatch.com/article/2143128/Google-Microsoft-Facebook-Teaming-Up-to-Fight-Phishing They are focusing on implementing the DMARC Internet standard -- Domain-based Message Authentication, Reporting and Conformance. http://nakedsecurity.sophos.com/2012/02/02/dmarc-microsoft-facebook-google-unite-to-fight-phishing/ This would further require as first steps the implementation of SPF Sender Policy Framework and DKIM - Domain Keys Identified Mail standards. The question is: will this put a break on domain spoofing?

No comments:

Post a Comment

Phishing Threats

Computer users receive emails from their bankers or employers, or from utility companies or other institutions or organizations they deal with or even from friends on facebook or twitter, asking for updating their personal information by clicking on links provided in the mail. They take it for granted that these are genuine mails and in good faith click on the links. The phishers who are organized criminals redirect the users to malicious websites and harvest their personal information. The users ultimately become victims to identity theft, financial frauds and even more serious crimes leading to blackmail, murder, and so on.

Phishing attacks engineered by criminals through the medium of phishing emails ultimately lead to loss of consumer confidence in online transactions that include financial transactions and social interactions through Facebook and other social networking sites.

This is an attempt to survey the phishing threat landscape, to identify the criminal groups and their modus operandi and to understand the impact of phishing on online users.