Intended for technical practitioners, researchers and security executives, the report offers a comprehensive survey, developed by independent research organization Radix Labs, and analysis of counter-phishing technology. The report details technologies used by online identity thieves, or "phishers," and explores technologies that could dramatically reduce financial losses and consumer distrust.
"Discussions of counter-phishing strategies often turn into storytelling sessions, which are useful but not effectively prescriptive," said Peter Cassidy, Anti-Phishing Working Group secretary general. "With this report, researchers finally shine a flashlight into the engine room of e-commerce systems, give names to the gremlins, tell us where to find them and posit interventions that can take the components and protocols phishers exploit out of their grasp."
"Analysts estimate that online identity theft and fraud cost US banks and credit card issuers $1.2 billion in 2003, and this cost continues to steadily grow," said Patrick Lincoln, Ph.D., director of SRI International's computer science laboratory. "This new report was commissioned to increase awareness of the problem, offer new information about technology solutions and stimulate innovation. We see many opportunities to prevent phishing through new security technologies and hope this report will encourage innovative approaches to solving the problem."
"Instead of looking at individual pieces of the problem, we constructed an information flow that applies to all types of phishing attacks," said Aaron Emigh of Radix Labs, author of the report. "The report identifies chokepoints, which are points in the flow where there is an opportunity to stop a phishing attack. It offers countermeasures that can be applied at each chokepoint, drawn from existing technologies, new products, and academic research."
