E-mails from Nigeria asking for your help in transferring money. Important information about compromised bank accounts.
While the scams that daily flood our e-mail in-boxes show no signs of abating, there is some good news for the users who have to sort through them all.
Phishing attacks–the attempted theft of information such as user names, passwords or credit-card numbers–are increasingly sophisticated, VeriSign said. But the company, which lives by the sale of computer security software, says phishing attacks are less profitable than they used to be, and of shorter duration, since affected companies work with Internet service providers to shut down sites capturing the information.
Pharming, also known as DNS spoofing because it fools the domain-name system, is an alternative technique that tries to direct users to a fake Web site even when the correct address is entered into a browser. “It’s as if you looked up a number in the phone book,” says Phillip Hallam-Baker, a Web security expert at VeriSign, “but someone somehow changed the number, managed to swap the phone book on you.”
VeriSign’s report lists ways to lock down DNS infrastructure to shut down pharming. It encourages administrators to upgrade their DNS software and to install cryptographic solutions. Hallam-Baker feels that pharming attacks that depend on cached information could be eliminated fairly easily. Because pharming targets infrastructure, the company in charge of that segment could prevent further attacks by upgrading the necessary components.
Hallam-Baker noted, however, that all these steps can only “lock down everything but the last few feet between the screen and the user’s brain.” Users are still not as protective of their online information as they should be. An informal survey conducted by VeriSign in early May found that 85% of respondents compromised their passwords by providing their actual password, or a hint about their password, for a $3 Starbucks gift card.
While it was not a scientific survey, Hallam-Baker felt that the results were disturbing enough to urge a shift in network security from static credentials, such as passwords and credit-card numbers, to a more dynamic model where identifying information changes at intervals.
VeriSign’s report notes that, despite continuing security problems, Internet usage continued to grow at a rapid pace during the first quarter. New domain-name registrations rose, with .com names growing 29% and .net names growing 23%, compared to the first quarter of 2004. The number of e-commerce transactions has grown 31% over the last 12 months, and the average transaction is now about $150.
To Hallam-Baker, the need for security goes hand in hand with the growth of e-commerce: Consumer satisfaction depends on trusting the vendor and the security of the transaction. He feels the use of digital certificates to authenticate e-mails and Web sites develops accountability. Hallam-Baker compares the “lock” icon in browsers and the VeriSign logo on many e-commerce sites to the Visa and MasterCard logos that might be displayed by a brick-and-mortar business–a sign of legitimacy.