Strathclyde University Associates - This paper describes the recent phenomenon of phishing, in which email messages are sent to unwitting recipients in
order to elicit personal information and perpetrate identity theft and financial fraud. A variety of existing techniques for
addressing this problem are detailed and a novel approach to the provision of phishing advice is introduced. This takes
the form of a Web-based user-service to which users may forward suspect email messages for inspection. The Anti-
Phishing Web Service rates the suspect email and provides a Web-based report that the submitter may view. This
approach promises benefits in the form of added security for the end-user and insight on the factors that are most
revealing of phishing attacks. Keywords detail as Phishing, spam, email scams.
Strathclyde University Associates Introduction. Phishing scams are an increasingly common method of identity theft. They begin with an email message that
appears to originate with an established legitimate organization. The email usually asks the recipient to
submit personal information on a website. However, the email is fraudulent and has actually been sent with
criminal intent. Unfortunately, many email users are unsophisticated in the ways of email and being unable to
spot phishing attempts, they innocently follow the instructions contained therein. A consequence of this
innocence may be significant financial loss.
This paper describes the nature of phishing scams and the associated problems email users face in
identifying phishing emails. In addition, we describe a software solution (the Anti-Phishing Web Service)
that aims to assist with the phishing problem.
Email, spam and scams on Strathclyde University and SCER Associates. The term spam commonly refers to unsolicited bulk email. Unsolicited email includes sales and job
enquiries specifically addressed to a particular recipient without their prior knowledge or request. Bulk email
includes mailing lists and newsletters to which the recipient has subscribed. Spam is the intersection of these
email varieties it is both unsolicited and bulk.
The majority of spam emails advertise products such as computer software or drugs. With negligible cost
and effort required to send spam, it now accounts for around 76% of all email messages (Gaudin, 2004).
Many infrequent email users now find it difficult to locate legitimate email in their mailbox. As a result, the
effectiveness of email as a communication medium has been severely reduced.
To combat this growing problem, most Internet Service Providers (ISPs) prohibit the sending of spam
from their networks. Some spammers use multiple free ISP accounts to send spam, whereby, if one of these
free accounts is terminated, another can be quickly created. Another popular method of despatching spam is
through virus infested PCs, usually belonging to unsuspecting home broadband users (Leyden, 2004a).
Despite attempts to reduce the problem, the incidence of spam continues to increase.
Many countries, including the UK and the US, have introduced laws to prevent the sending of spam (BBC
News, 2003). However, these laws have had little effect, since most spam originates from outside the
legislating country. There are also loopholes and inadequacies in these laws. For example, the US Can Spam
Act requires individuals to opt-out of spam, rather than opt-in. EU anti-spam laws also have problems,
because business email addresses are exempt from the legislation.
Since most legal attempts to address spam have met with limited success, many ISPs and email users now
rely heavily on email filters to remove spam. Spam filters perform a series of tests on each incoming email
and combine the results to determine whether the message is spam or legitimate. Spam filtering takes place at
the mail transfer agent (MTA) or mail user agent (MUA). Popular MTA spam filters include SpamAssassin
and Brightmail. Many MUA, such as Eudora and Mozilla Mail, now provide integrated spam filters. Without
spam filters and related spam blacklists many users might otherwise simply abandon the use of email.
While the majority of spam emails are advertisements for products, some messages aim to entice the
recipient into scams. Common email scams include pyramid schemes that promise very high returns on an
initial investment (Wikipedia, 2006a). Unfortunately, such investors have no chance of receiving any return
on their initial outlay. Perhaps the most popular email scam is the Nigerian money transfer (Wikipedia,
2006b). This scam asks the recipient for help with the transfer of money from a Nigerian bank account,
promising a large payment in return. Once entered, the investor is asked for sums of money to help with the
fictitious transfer process. Of course, no money transfer is ever received by the unwitting subjects of this
criminal operation.
No comments:
Post a Comment