NEWS
Phishing could soon be a thing of the past and the credit may have to go to Microsoft. That's according to a leading web security expert who says functionality built into Internet Explore 7 could shutter fraudulent websites within 18 months.
Tim Callan, a director at VeriSign, said anti-phishing guards in IE 7 - which will warn users off malicious websites where they may be asked to submit personal information such as bank or credit cards details - will help restore badly damaged consumer confidence.
Callan said: "Consumer confidence is falling and the biggest reason for that is fear, pure and simple. People fear that something bad is going to happen to them."
And he said phishing is the major cause of concern.
Typically phishing scams rely on a spoofed website made to look like the site of a leading bank or popular e-tailers such as Amazon or eBay.
However, when users visit a site with a fraudulent URL and no SSL certificate their address bar will turn red warning them they may be straying into dangerous territory.
If the site's URL tallies with who its owner is, and the SSL certificate is present, the address bar turns green, informing the user they are safe to carry on. In between these alerts there is a plain white address bar, which means 'nothing to report', and amber which advises caution.
Callan said: "This has the potential, a year or 18 months down the line, for phishing, as we know it, to have become a really small problem.
"I've had a lot of contact with the people who are really going to use this, 150 of the largest web properties in the world, and not one of them has said 'I'm not going to use this'."
However, he admitted the fight is far from won and agreed criminals will already be plotting their next move.
He said: "The bad guys are going to start to work on it. They will be chipping away at it and I'm not going to pretend they won't at some point have success."
Mark Sunner, CTO of MessageLabs, which intercepts phishing emails in the cloud before they reach the end user, said the scheme is a definite improvement on previous browsers but added that "any assumption this will wipe out phishing is an exaggeration".
Sunner said: "You've got to keep some perspective. Everything like this is all good but the more sophisticated phishers move a lot more quickly than the technology. They will already be working on ways around this and new methods of attack."
Comments
There are 2 comments. Join the discussion
1. Richard
Shame about MS's choice of colours:
Firefox has long used an amber URL bar to indicate a successful, secure SSL connection.
Now in MS IE7, an amber bar indicates "caution;" green indicates "safety."
Firefox or IE7 will have to change.
Guess which organisation will respond and put its users first.
2. anonymous
They are voluntarily missing the target.
If M$ products as IE are prone to accept fishing and the like malware there is a secure way to stop it:
Delete IE from your PC!
M$ is saturating the world with insecure software from ages.
Why do we be confident in the nth promise of secure IE version?
Think about this...