A financial services research organization has launched a new initiative to address the phishing problems that have been plaguing the sector. The three-phase project, to be conducted with the collaboration of other industry groups, will first look at technical requirements for counterphishing solutions and consider and test plans. The second phase will be used to implement pilots, assess results, and provide recommendations for the most promising solutions. The third and final phase will be dedicated to implementing these recommendations.
The initiative is the brainchild of the Financial Services Technology Consortium (FSTC), which comprises banks, financial services firms, universities, government agencies, national laboratories, and industry partners. The group will work with other organizations with similar focuses, such as the Anti-Phishing Working Group (APWG) and BITS (formerly called the Banking Industry Technology Secretariat).
Phase 1 of the project, estimated to be completed around spring 2005, includes a registry of current and known phishing threats, vulnerabilities, and attack models; a comprehensive inventory of available solution sets; a taxonomy of phishing; and a compendium of proposals to test and evaluate potential solutions. Phase 2 should be completed in late summer or early fall.
The FSTC project comes as APWG notes the average monthly growth rate in phishing attacks to be as high as 50 percent, with close to 2,000 attacks in July alone.
Another report estimates as many as 1.7 million phishing victims may have divulged their personal information to scammers, according to The Phishing Guide: Understanding & Preventing Phishing Attacks, a new study from Next Generation Security Software (NGS).
The NGS paper gives the history of phishing attacks and explains the different types of phishing attacks and defenses. Its author, Gunter Ollmann, professional services director at NGS, points out that defending against phishers is a task that should not be left to the financial-services sector alone. "By taking a hands-on approach to their security, organizations will find that there are many tools and techniques available to them to combat the Phisher," Ollmann concludes.
@ The FSTC Counter-Phishing Initiative Project Proposal, the newest trends report from the Anti-Phishing Working Group, and the NGS paper on understanding and preventing phishing attacks are at SM Online.