Previous |
Next |
April 10, 2007, 03:55 PM ET
Anti-Phishing Technology Has Holes, Researchers Say
As “phishing” scams keep spreading like wildfire, it becomes tougher and tougher to tell the difference between real bank Web sites and dummies set up by online ne’er-do-wells. So some banks have stepped in with a tentative solution: They’ve started using a tool called SiteKey, which lets sites like Bank of America’s ask prearranged security questions of users logging in from new computers.
But even SiteKey isn’t foolproof, as a pair of researchers at Indiana University at Bloomington have pointed out. In a proof-of-concept video, the researchers show that clever phishers can still defeat the security tool. For the time being, most phishers will likely avoid Web sites that use SiteKey, one expert told The Washington Post‘s Security Fix blog. But if the technology becomes an industry standard, scammers may start exploiting its holes. —Brock Read
Add Your Comment
Commenting is closed.