Phishing: E-Mail Needs Authentication

In the wake of the Epsilon breach, organizations have taken the lead to notify consumers, telling them their e-mail addresses have been exposed and linked to information that could subject them to phishing attacks.
The breach highlights the increasing sensitivity of e-mail. "E-mail addresses have been vulnerable since e-mail addresses were created," says Rohrbaugh, vice president of information security for Intersections Inc.
Rohrbaugh says phishing attacks are increasing and provide the best means for fraudsters to get their hands on consumers' identities -- which inevitably leads to fraud. "Social engineering is a very successful tool for the criminal," he says. "Phishing is more sophisticated." It's come a long way since the early days of "shotgun" phishing. Today's attacks are targeted.
In this interview [transcript below], Rohrbaugh discusses:
  • Online security;
  • Consumer responsibility for online safety and the protection of personal information;
  • E-mail server authentication.
Rohrbaugh is a technologist with more than 20 years of government and private sector experience. Rohrbaugh's security career started in the military and continued under government projects for CSC at NATO, DISA, NMRC as an architect; and ST&E team lead and instructor for information security. After entering the private world and working for Metamor WW, Rohrbaugh started an e-business consulting firm that served the U.S. and Europe. Rohrbaugh then brought his information security experience to the financial sector and joined Intersections, which provides identity theft solutions to financial institutions in North America. Rohrbaugh's main focus is anti-fraud, ID verification (U.S. Patent holder) and security architecture.

Phishing: Social Engineering

TRACY KITTEN: Phishing attack concerns have been heightened by the Epsilon e-mail breach, which is believed to have exposed countless consumer e-mail addresses affiliated with loyalty programs and marketing campaigns. How vulnerable are we to phishing and subsequently ID theft when fraudsters have access to e-mail addresses and affiliations that link those addresses to other information? I'm here today with Tim Rohrbaugh, vice president of Information Security for Intersections Inc., which provides the recovery service for the Identity Theft Assistance Center. Tim, can you give our audience just a general idea about the state of phishing generally?

TIM ROHRBAUGH: Phishing is simply a form of social engineering. Humans have been manipulating other humans for the purposes of gaining confidential information since we first started to communicate. The job of social engineering today is made a little bit easier, because a lot of our evolved defenses are rendered useless. You can look at a person and make a characterization about whether they are a male or a female if they're in front of you, or maybe you know if they look confident or desperate, and those things are not available to you when you're dealing with e-mail. So, now we have to respond to an e-mail or a text and react in the same way as if facing somebody in person. With e-mail, as a communication medium, all we have to look for is a sender's name. The links, which can be covertly hidden within the mail message itself, have to be recognized as legitimate or not -- whether they are leading off some place that you didn't suspect. The other thing to look for is the e-mail time link. Is it in context? Did we just recently read from our financial institution or local government that they would never send an e-mail asking for this information? These are all things that we're trying to evaluate when the e-mail comes in and determine what we're going to do. Today there is still not a good indication that the e-mail is from a verified source. The mail servers in between are trying to do authentication, but it's not fully implemented around the network. The junk mail filters work part of the time, but phishing attacks have changed a little bit.

KITTEN: How have phishing attacks advanced? And when I talk about the advancement of phishing attacks, I'm talking about beyond just phishing links. What other types of techniques are fraudsters using to hijack personal information?

