Can Strong Authentication Sort Out Phishing and Fraud?

Technical paper

Authentication, especially two-factor authentication, is seen as an important step against on-line crime, especially for on-line banking and Internet shopping. But authentication alone is not enough to protect computer users against the efforts of organized crime to thieve their credentials, their data and even their identity.

In fact, strong authentication in only one part of a system may even make things worse if users expect to rely entirely on technology to protect them from phishing and related attacks. Organized criminals have realised (precisely because they are organized) that phishing and identity theft can be carried out over an extended period, by piecing together snippets of information from separate attacks for a final sting. For example, logging on using an authentication token will neutralize password stealers, but the very presence of a token authentication request can make an ideal trigger for spyware, especially if its goal is to build up a pattern of your on-line behaviour by monitoring your financial transactions.

This paper traces the recent evolution of malware techniques in response to technological changes in our security regimes, and proves once again the old cliche that the price of freedom is eternal vigilance. The Bad Guys are out to get us, and if they can turn our defences against us, even in the slightest way, then they surely will.

This paper was presented at the VB Conference 2006

Télécharger Can Strong Authentication Sort Out Phishing and Fraud?

Authentication, especially two-factor authentication, is seen as an important step against on-line crime, especially for on-line banking and Internet shopping. But authentication alone is not enough to protect computer users against the efforts of organized crime to thieve their credentials, their data and even their identity. Télécharger maintenant

Author

Paul Ducklin

One of the world's leading anti-malware experts, Paul has given papers and presentations at numerous industry events, including Virus Bulletin, ICSA, AVAR and AusCERT conferences. He is a respected industry spokesperson and a regularly-published author on computer security.

download Téléchargez notre outil gratuit de suppression des virus
Découvrez ce que votre antivirus actuel n'a pas su détecter.