An Anti-Phishing Method
Green Armor develops technology to cut into what is becoming an expensive and embarrassing problem
By Tamina Vahidy
Friday, July 15, 2005
When you walk into a brick-and-mortar business and interact with its personnel, it's almost impossible for you to be deceived. Sadly, that's not the case in cyberspace.
"The root cause of the phishing problem [is] the ease with which the online user experience of a legitimate business can be duplicated," says vendor Green Armor, which is offering a product known as Identity Cues to fight the problem.
The problem itself is spreading. Analyst Graham Titterington of Ovum offers one example: "Hackers send e-mails to employees of a corporation...requesting them to confirm their password at the attached URL. The hacker then gains access to the corporate IT system and steals some information that can be used to blackmail the corporation."
Another example of phishing is impersonation of a service provider. This is popular with so-called 419 scammers, who often create fake bank websites in order to lure in the unsuspecting.
Whatever the approach to phishing, its results can be devastating to individuals and businesses alike.
Titterington describes Green Armor's approach to the problem, which is to work from the enterprise side and offer users a "simple visual cue" (that is, a colored rectangular box with a word inside it) "that users can memorise it without any conscious effort, at least in a passive sense so that they will notice that something is wrong if it is different or missing."
Anyone who has created a Yahoo e-mail account will recognize at least one aspect of this approach, although Yahoo's version works from the other side. Yahoo wants to make sure automated programs do not generate e-mails, so it offers some mildly distorted text that an actual human has to be able to decode in order to get an e-mail. The point of Green Armor is the reverse of that; in other words, Green Armor is offering the text box and other visual cues as a way for the consumer to know that the corporate website is legitimate.
Regrettably, the Green Armor approach will work only when users have already been to a certain website and noticed the cues. For example, if you've been going to an online banking portal and one day get an e-mail that instructs you to log in via a different link, you will notice the absence of the visual cue on that fake page. But Green Armor won't work when users go straight to a fake page, as in the case of some victims of the 419 scam. Technology is good, but it has to be coupled with common sense for best effect.