[cap-talk] RE: [e-lang] Eyes on the goal: real phishing solutions

marcs marcs at skyhunter.com
Wed Feb 16 11:52:23 EST 2005

> > Does anyone think that preventing spoofing for all users over all
> > possible channels, and for every client supporting each channel, is
> > a realistic goal?
> Nope, not me.  I do not think there is any hope
> in fixing any channel.  In a general sense, phishing
> is a fraud in a class of frauds that includes invoice
> fraud, phone fraud, insurance fraud and basic
> stupidity.  There is no shortage of channels
> with which to deliver a fraudulent request for
> info or money.

This leads back to the question of what problem we are trying to solve. Yes,
the world has plenty of fraud. But fraud in the physical world is much
harder than phishing in the virtual world at this time. A major difference
is that phishing exploits features of poor user interface that are found
uniquely on computers. Features that encourage kinds and qualities of fraud
so distinctive that they got a new name (phishing) include the perfect
quality of mimicry supported by browsers, the absurdity of sending passwords
around the network, and the fact that it is almost zero-cost to launch a
million such attacks an hour.

If the only kinds of fraud on computers that were possible were the kinds of
fraud found in the physical world, then there'd be a lot less fraud on
computers, and the term "phishing" probably wouldn't have been invented to
cover it, because it would just be plain old fraud.


