About Phishing
The most common method of luring consumers to a fraudulent website is to send them seemingly official e-mail messages that purport to come from the authentic website. Links embedded in these e-mails point to the fraudulent website rather than the real one. Other methods include instant messaging, search engines, blogs, advertisements, and malware.
How Rapport Protects Against Phishing
Rapport's delivery confirmation layer constantly monitors the usage of sensitive information on the consumer’s desktop. If sensitive information is entered into unauthorized websites, Rapport warns the user and blocks the attempt.
The phishing protection provided by Rapport does not require updates when a new phishing site is released. If the consumer is lured into a new phishing website, the Rapport warning will pop up immediately when the consumer enters sensitive information into this website.
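The idea described above, binding a protected secret to the sites authorized to receive it, can be sketched as follows. This is an added example, not Rapport's implementation: the CredentialGuard class, its method names, the sample URLs and the sample password are all constructed for illustration.

```python
import hashlib
import hmac
import os
from urllib.parse import urlsplit

class CredentialGuard:
    """Hypothetical sketch: block a protected secret sent to an unauthorized origin."""

    def __init__(self):
        self._salt = os.urandom(16)   # per-install salt; secrets are never stored in clear
        self._protected = []          # list of (digest, frozenset of authorized origins)

    def _digest(self, value):
        return hashlib.pbkdf2_hmac("sha256", value.encode(), self._salt, 50_000)

    @staticmethod
    def origin(url):
        # Origin = (scheme, host, port); a lookalike host or an http downgrade differs.
        parts = urlsplit(url)
        port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
        return (parts.scheme, (parts.hostname or "").lower(), port)

    def protect(self, secret, authorized_urls):
        origins = frozenset(self.origin(u) for u in authorized_urls)
        self._protected.append((self._digest(secret), origins))

    def check_submission(self, url, field_value):
        """Return 'block' if a protected secret is headed to an unauthorized origin."""
        candidate = self._digest(field_value)
        destination = self.origin(url)
        for digest, origins in self._protected:
            if hmac.compare_digest(candidate, digest) and destination not in origins:
                return "block"
        return "allow"

def demo():
    guard = CredentialGuard()
    guard.protect("S3cret-Pass!", ["https://bank.example/login"])  # constructed data
    submissions = [
        ("https://bank.example/login", "S3cret-Pass!"),           # real site
        ("https://bank-example.login.test/", "S3cret-Pass!"),     # new, unlisted lookalike
        ("http://bank.example/login", "S3cret-Pass!"),            # cleartext downgrade
        ("https://forum.example/post", "just a comment"),         # unrelated input
    ]
    return [guard.check_submission(url, value) for url, value in submissions]

if __name__ == "__main__":
    print(demo())
```

The decision depends only on what is typed and where it is sent, so the lookalike site is blocked without appearing on any list.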
Other Approaches to Phishing Protection
A blacklist filter requires constant updates. Every new phishing site should be included in the blacklist; otherwise it can pass through the filter and reach the consumer. Vendors that offer blacklist filters run huge operations to gather real-time information on all active phishing websites. Unfortunately, there is an equally huge number of phishing websites and it is impossible to keep track of all of them. Additionally, most phishing websites are only active for a few hours, and during this time it is very hard for the vendor to identify the phishing website, add it to the blacklist, and distribute this information to filters installed on consumers’ desktops. Blacklist phishing filters are considered to be up to 70% accurate. This means that at least 3 out of 10 attacks will bypass the filter. Additionally, a new type of phishing has emerged lately, known as spear-phishing, which is a targeted phishing attack aimed at specific recipients. This attack flies under the radar of blacklist filters, as only a very small number of people are exposed to it.
Heuristics-based filters look at each website the consumer accesses and try to guess whether it is fraudulent. They do this based on a predefined set of rules. For example, a link that uses an IP address instead of a domain name is considered suspicious, and so is a website that was only recently registered. When a suspicious site is detected, the filter presents a warning to the consumer. The problem with heuristics-based filters is that they can be very easily defeated. As they use a predefined set of rules, fraudsters can experiment with these filters and build a phishing website that does not violate the rules. Another problem with heuristics-based filters is the high rate of false positives, which annoys consumers and disturbs their normal operation (for example: www.news.com.au).