Joseph Steinberg describes severe flaws in latest infrastructure-based attempt at combating phishing

February 15, 2012 - Hackensack, NJ – Joseph Steinberg, C.E.O. of Green Armor Solutions, a leading provider of online security technology, today discussed the need for site authentication and the weaknesses inherent in the new DMARC anti-phishing initiative.

 

DMARC, an effort supported by several large firms including AOL, Bank of America, Facebook, Fidelity Investments, and LinkedIn, was announced to great fanfare late last month, and attempts to curtail phishing by helping email receivers determine if a message aligns with what the receiver knows about the sender.

 

In an interview, Steinberg noted that “DMARC is not the first, and will likely not be the last, attempt to curtail phishing by implementing complicated technical infrastructure that completely ignores the source of the phishing problem. Phishing exploits a human weakness, not a technological vulnerability, and attempts to curb phishing that do not address the core problem will never successfully eliminate the problem.”

 

By attempting to block the delivery of phishing emails, rather than by addressing phishing directly, DMARC and other email-infrastructure attempts to fight phishing leave users seriously vulnerable. Criminals can still send phony ‘forwarded’ emails, use rogue WiFi access points to route unsuspecting users to phishing sites, phish users using any phishing technique that does not rely on email as a delivery mechanism, and phish users via email to any email system, or impersonating any email system, that does not support DMARC.

 

Furthermore, a security breach at even a single organization using DMARC may undermine the validity of DMARC checks at other organizations, creating security vulnerabilities. This means that DMARC may be unable to scale adequately without compromising its effectiveness.

 

DMARC may reduce the number of phishing emails that people receive, but it will never come close to eliminating phishing. It may even exacerbate problems by creating a false sense of security among users on DMARC-enabled email systems, such that when a problem does occur more people may fall prey to it that would have otherwise. Emails sent from “similar-looking domain names” -- for example from fideltiy.com instead of fidelity.com -- would reach users who may have been conditioned to the fact that emails from Fidelity are secure, and who may not notice the improper sender domain.

 

“The best way to protect people against phishing is to enable humans to distinguish legitimate entities from fraudulent ones, regardless of how the phishing solicitation reaches them. This can be achieved by leveraging real, psychologically-sound site authentication and the human response mechanism behind it, but not by implementing complicated technologies that can, at best, only deliver partial success, and, which, at worst, may condition users to fall prey to even more scams that they would have without the technology in place.

 

For more information about Green Armor Solutions and its authentication offerings please visit:

 

http://www.GreenArmor.com

 

About Green Armor Solutions Inc.

 

Green Armor Solutions offers innovative solutions to information-security challenges facing today’s businesses. Its Identity Cues series of products leverage a unique blend of psychology and technology to help deliver maximum security with maximum user convenience. They provide strong two-factor authentication and site authentication thereby helping to protect against phishing, pharming, and online fraud, while allowing users to continue to enjoy the simple, comfortable user experience with which they are already familiar. Identity Cues authentication products can help companies address security and privacy requirements as part of compliance initiatives for FFIEC/NCUA Authentication, HIPAA, and GLBA. Green Armor’s systems help secure numerous financial environments including those at First Bank, EPIC Advisors, dozens of hospitals, and hundreds of credit unions. For more information please visit:

 

www.GreenArmor.com

 

The marks Green Armor Solutions, Green Armor, SiteAuth, Identity Cues, Identity Cues Two Factor, and the Green Armor Solutions logo are trademarks of Green Armor Solutions, Inc. All other marks are the trademarks of their respective owners.

---

 

Note: Green Armor Solutions Inc. does not update the contents of its press releases after the releases have been issued. As a result, information in a particular press release may not be accurate if read at a point in time subsequent to the initial release. Furthermore, to the extent that any press release contains information that is not historical fact, that information should be considered opinion or forward-looking.

Green Armor authentication software helps enterprises secure access to online systems from computers and mobile devices by using a unique, patent-pending blend of psychology and technology to deliver "maximum security with maximum convenience," curtailing cybercrimes and ensuring compliance with regulatory requirements (FFIEC, HIPAA, GLB, etc.), while allowing users to continue to enjoy the same simple user experience with which they are already comfortable.