Post date: Apr 13, 2011 5:2:3 PM
Authentication is Only Effective Way to Fight Phishing Attacks
"E-mail addresses have been vulnerable since e-mail addresses were created," says Rohrbaugh, VP of information security for Intersections Inc.
In the wake of the Epsilon breach, organizations have been vigilant to notify their customers about the incident, telling consumers their e-mail addresses have been exposed and linked to information that could subject them to phishing attacks.
Epsilon aside, Rohrbaugh says phishing attacks are increasing, and provide the best means for fraudsters to get their hands on consumers' identities -- which inevitably leads to fraud. "Social engineering is a very successful tool for the criminal," he says. "Phishing is more sophisticated." It's come a long way since the early days of "shotgun" phishing. Today's attacks are targeted.
In this interview, Rohrbaugh discusses:
The state of online security, generally;
The responsibility consumers must bear for ensuring their own online safety and protection of personal information;
Why e-mail server authentication is the only effective way the industry can fight phishing.
Rohrbaugh is a technologist with more than 20 years of government and private sector experience. Rohrbaugh's security career started in the military and continued under government projects for CSC at NATO, DISA, NMRC as an architect; and ST&E team lead and instructor for information security. After entering the private world and working for Metamor WW, Rohrbaugh started an e-business consulting firm that served the U.S. and Europe. Rohrbaugh then brought his information security experience to the financial sector and joined Intersections, which provides identity theft solutions to financial institutions in North America. Rohrbaugh's main focus is anti-fraud, ID verification (U.S. Patent holder) and security architecture.
http://www.bankinfosecurity.com/podcasts.php?podcastID=1086&rf=2011-04-12-eb