Anti-Phishing Working Group sample essay
A report by the Anti-Phishing Working Group, an industry association dedicated to eliminating Internet scams, state that phishing activities target the financial service industry more than any other industries (Anti-Phishing Working Group 2008). Firms in the financial service industry are attacked 93.8% in one month (2008). Moreover, it reports that China is the top country hosting phishing sites, with 24.21 % (2008).
Other countries that complete the top 10 include the United States (23.85%), India (9.39%), Russian Federation (8.06%), Thailand (4.64%), Romania (3.53%), Germany (3.41%), Republic of Korea (2.42%), United Kingdom (1.47%) and France with 1.47% (2008). In a 2007 Consumer Reports survey, a staggering US$7 billion was lost due to viruses, spyware and phishing ploys in the US alone (Claburn 2007). Phishing is a very serious crime and its continued attacks damages, resulting in identity theft and more importantly, financial losses.
Phishing is the practice of sending emails that appear to come from legitimate businesses like AOL (America On-Line), Citibank, Best Buy and insurance agencies (Kay 2004). While the message appears authentic with the company’s logo, it lures the recipient to reveal sensitive information such as account numbers and passwords, purportedly for auditing (2004). In reality, these companies did not send the messages. The information then is used by fraudsters to make financial transactions, resulting in identity theft and financial losses for the unsuspecting victims (2004).
The term phishing is coined from an analogy that scammers ‘fish’ for information from the “sea of Internet users” (Ant-Phishing Working Group 2008). “Ph” is a known hacker replacement for “f” in reference to the first known hacking, known as “phreaking” (2008). John Draper (aka Captain Crunch), the first hacker, coined the term “phreaking” (2008). The first form of hacking started in the 1970s, when Draper hacked telephone systems (2008). In 1996, accounts that were hacked were termed “phish”, appearing on the alt.2600 hacker newsgroup (2008). Hackers were able to steal AOL online accounts from unsuspicious victims (2008).
Another example: in 2003, eBay Inc. customers were lured by email notifications informing them that their accounts were compromised and they had to re-register (Kay 2004). The problem was, eBay did not send any email. Over the years, phishing attacks grew from stealing AOL accounts. By 2006, fraudsters had become sophisticated, developing new strategies to steal. Some of the trends include plug and play phishing networks, phlashing, two-factor authentication, bank site phishing, XSS vulnerabilities, and MySpace phishing (Miller 2007).
Pug and Play phishing includes setting up phishing site networks on web servers (Miller 2007). The networks would be unzipped in a hacked site, resulting in an instant phishing network (2007). Phlashing involves using Flash animation to make spoof sites (2007). Two-factor authentication employs physical security devices to produce a single-use password (2007).This is an effort hyped by banks as a defense against phishing. However, it backfired on them. In July 2007, Citibank became a victim to two-factor authentication.
The bank used a physical item which would serve as security for the account holder. The said item would only work for a minute or so. Fraudsters were able to still capture pertinent information by luring a victim to log-in while validating it to the real Citibank site. This just shows how advanced these online criminals are. Phishers attack bank web servers more than any sites. In 2006, a Chinese bank’s web server was found to host phishing sites directed at US banks (2007). Even the popular social network site MySpace has also been a victim of phishing.
Several solutions have been developed to combat phishing. These are technologies created to stop the cycle, among which are aimed at authentication, spam filtering, domain name and phishing website detection (Wetzel 2005).
Mutual authentication involves identifying and validating the source of the email. Currently, two email address authentications are being developed: Sender Policy Framework and Microsoft’s Caller ID (Wetzel 2005). Likewise there exist similar programs already in the market- Goodmail and SafeScrypt (2005). Goodmail offers a stamping email service which filters spams so that email received that an email stamp bearing the legitimacy of the mail (2005). On the other hand, SafeScrypt ensures that the mail has a digital signature certificate issued by a valid authority (2005). Solution providers like McAfee, Symantec and Digital Envoy offer spam filters by automatically blocking suspicious emails (2005).
Symantec, for instance, updates fraud filters every four minutes to detect if an email is phished (2005). Fraudsters use domain names to copy legitimate names. VeriSign has a service that inspect web sites to detect if the domain name is legitimate or not (2005). Additionally, there are programs that detect if the entire website is being phished. GeoTrust, for example, features a browser tool that alerts users if they are visiting a bogus site (2005). Providers also come up with the total phishing solutions. Corillian is an example of a phishing solution provider. It has software disables phishing sites before they can “go live” (2005).
Phishing costs money and time. It is a never-ending struggle especially since fraudsters have become advanced in their techniques. But as the anti-fraud solutions continue to develop and grow, consumers are hopeful that this major glitch will eventually be put to an end. While operating expenses may rack up with the purchase of anti-phishing solutions, it is a small price compared to the billions of dollars lost in disentangling from the losses brought on by phishing.
Anti-Phishing Working Group. 2008. Phishing Activity Trends, 22 February 2008
Claburn, T. Viruses, spyware, phishing cost US consumers US$7 billion over
two years. 7 Aug. 2007. IT News, 22 February 2008
Kay, R. QuickStudy: Phishing. 24 Jan. 2004. Computer World, 22 February 2008,
Miller, R. Phishing Attacks Continue to Grow in Satisfaction. 15 Jan. 2007. Netcraft
Wetzel, R. Tackling Phishing. Feb. 2005. Business Communication Review.
Study Acers provides students with tutoring and help them save time, and excel in their courses. Students LOVE us!No matter what kind of essay paper you need, it is simple and secure to hire an essay writer for a price you can afford at StudyAcers. Save more time for yourself. Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more