{"id":4596,"date":"2013-08-27T21:18:00","date_gmt":"2013-08-27T21:18:00","guid":{"rendered":"https:\/\/evssolutions.com\/improving-phishing-prevention-with-id-authentication\/"},"modified":"2013-08-27T21:18:00","modified_gmt":"2013-08-27T21:18:00","slug":"improving-phishing-prevention-with-id-authentication","status":"publish","type":"post","link":"https:\/\/evssolutions.com\/insights\/improving-phishing-prevention-with-id-authentication\/","title":{"rendered":"Improving Phishing Prevention with ID Authentication"},"content":{"rendered":"<p><span>When two parties need to ensure the other party&#13;<br \/>\nis trusted, digital signatures are great. The shared key is established after&#13;<br \/>\nboth parties have been authenticated, but the initial authentication is essential&#13;<br \/>\nto the transaction.Using a shared secret or out-of-band&#13;<br \/>\nauthentication method only verifies an account holder. But what if the account&#13;<br \/>\nwas set up fraudulently? Authenticating digital signatures with&#13;<br \/>\nout-of-wallet KBA (<\/span><a href=\"https:\/\/www.electronicverificationsystems.com\/products\/knowledge-based-authentication.aspx\"><span>knowledge based authentication<\/span><\/a><span>) ensures&#13;<br \/>\nproper verification of all parties involved.<\/span><\/p>\n<p><span>Standardizing how e-mail receivers perform identity&#13;<br \/>\nauthentication is the main goal of <a href=\"http:\/\/www.dmarc.org\/\">DMARC<\/a>&#13;<br \/>\n(the Domain-based Message Authentication, Reporting and Conformance initiative).&#13;<br \/>\nIf you sign an outbound email and someone receives an email from a similar&#13;<br \/>\ndomain but you havent signed it, they should know to reject it. The problem&#13;<br \/>\nis, DMARC only blocks e-mails if theres a corresponding DMARC record and the signature&#13;<br \/>\ndoesnt match. If there is no record, the email is sent.<\/span><\/p>\n<p><span>There are a few technical challenges and&#13;<br \/>\nsolutions in combating <\/span><a href=\"http:\/\/www.bankinfosecurity.com\/mitigating-phishing-key-issues-a-5812\"><span>phishing<\/span><\/a><span>.One of the most prevalent&#13;<br \/>\nsolutions is a digital signature, but they do come with inherent roadblocks. <\/span><span>A lot of institutions are relying on old&#13;<br \/>\nways like end-user education, training, web-filtering black lists and hiring&#13;<br \/>\nservices and organizations to help take down phish. There is also a problem&#13;<br \/>\nwith consumers not knowing or caring where their e-mails come from. Attackers will&#13;<br \/>\nkeep coming back until an institution has taken proper measures. A lot of&#13;<br \/>\nconventional phishing prevention practices assume DMARC is the answer and they&#13;<br \/>\nwont need to do anything to contribute to the monitoring and authentication.<\/span><\/p>\n<p><span>To overcome these&#13;<br \/>\nchallenges we recommend your institution build the right countermeasure by&#13;<br \/>\nidentifying the sources and the nature of each phishing attack. Using big data&#13;<br \/>\nwill allow you to potentially tie together the financial loss to specific&#13;<br \/>\nphishing sites and enhance your <\/span><a href=\"https:\/\/www.electronicverificationsystems.com\/solutions\/identifraud\/\"><span>business fraud prevention<\/span><\/a><span>.<\/span><\/p>\n<\/p>\n<p>[Contributed by EVS Marketing]<\/p>\n<p><!--EndFragment--><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When two parties need to ensure the other party is trusted, digital signatures are great. The shared key is established after both parties have been authenticated, but the initial authentication is essential to the transaction.Using a shared secret or out<\/p>\n","protected":false},"author":40,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/posts\/4596"}],"collection":[{"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/comments?post=4596"}],"version-history":[{"count":0,"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/posts\/4596\/revisions"}],"wp:attachment":[{"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/media?parent=4596"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/categories?post=4596"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/evssolutions.com\/wp-json\/wp\/v2\/tags?post=4596"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}