
Wednesday, January 24, 2007

Phishing Battles

One of the biggest information-security vulnerabilities for financial web services involves phishing scams.  Individuals, responding to seemingly authentic emails, reveal their passwords or banking information to phishing con artists.  The problem has exploded in the last year.

PayPal hopes to protect its customers from phishing schemes by offering secure key fobs.  The devices display a six-digit code that changes every 30 seconds; PayPal's two-factor login requires the code shown on the device along with a conventional password.  Such a system prevents theft when one form of authentication is compromised.  Thus, if a user's password is stolen via a phishing scam, the thief will be unable to access the account.  This additional layer of security helps insulate users from theft.

But just as the market seems to have provided a glimmer of hope in the battle against online fraud, phishing sites are already cropping up that target the two-factor authentication process.  Scammers from Russia created a Citibank phishing site that requested the key fob code as well as a user's password, allowing the thieves to connect to the real Citibank web site.  In this age of information insecurity, consumers must vigilantly monitor their accounts.
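The limit described above, as an added example that is not part of the original post and not PayPal's or Citibank's code: a server-side check of password plus 30-second code, showing which logins it stops and which it cannot. The post does not say which algorithm the fobs use, so RFC 6238 TOTP is assumed as a stand-in; `LoginServer`, the secret, the password and the timestamp are hypothetical, constructed values.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid, as on the fob described above

def fob_code(secret: bytes, now: int) -> str:
    """Six-digit time-based code (RFC 6238 TOTP with HMAC-SHA1, an assumed stand-in)."""
    counter = struct.pack(">Q", now // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"

class LoginServer:
    """Hypothetical verifier: password plus the current fob code, each code usable once."""
    def __init__(self, password: str, secret: bytes):
        self.password, self.secret = password, secret
        self.last_used_step = -1  # highest time step already accepted

    def login(self, password: str, code: str, now: int) -> bool:
        step = now // STEP
        ok = (hmac.compare_digest(password.encode(), self.password.encode())
              and hmac.compare_digest(code.encode(), fob_code(self.secret, now).encode())
              and step > self.last_used_step)
        if ok:
            self.last_used_step = step  # a second use of the same code is refused
        return ok

def demo() -> dict:
    secret, pw = b"constructed-demo-secret", "constructed-password"
    t0 = 1_169_661_600  # constructed timestamp at the start of a 30 s step
    code = fob_code(secret, t0)  # what the fob shows while the user is being phished
    results = {
        "password_only": LoginServer(pw, secret).login(pw, "", t0 + 10),
        "code_after_expiry": LoginServer(pw, secret).login(pw, code, t0 + 45),
        "code_relayed_in_window": LoginServer(pw, secret).login(pw, code, t0 + 10),
    }
    s = LoginServer(pw, secret)
    s.login(pw, code, t0 + 5)  # the genuine login consumes the code first
    results["replay_after_genuine_login"] = s.login(pw, code, t0 + 10)
    return results
```

Only the in-window case succeeds: the verifier has no way to tell who is submitting a code that is still valid, which is the gap the Citibank site used, while single-use enforcement and the 30-second lifetime shut out later reuse.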

Posted by Danielle Citron on January 24, 2007 at 06:07 PM
