Section 14.4. Looking Ahead
Phishing attacks are likely to grow more sophisticated in the days ahead, and our defenses against them must continue to improve. Phishing succeeds because of a gap between the user's mental model and the true implementation, so promising technical solutions should try to bridge this gap, either by finding ways to visualize for the user details of implementation that would otherwise be invisible, or by finding ways to see the message from the user's point of view.

If technical solutions fail, we might ask whether there are legal or policy solutions. As a species of wire fraud, phishing is, of course, already illegal; no new legislation is required to prosecute an attacker. So, legal and policy solutions may have to restrict legitimate access instead, in order to make phishing attacks easier to detect or attackers easier to track down. One policy measure, already being undertaken by some companies, is to stop using email for critical communications with customers. AOL, one of the earliest targets of phishing attacks in the Internet era, has a unique message system for "Official AOL Mail" that cannot be spoofed by outsiders or other AOL members. More recently, eBay has responded to the spate of phishing attacks against it by setting up a private webmail system, "My Messages," for sending unspoofable messages to its users.

The success of phishing suggests that users authenticate web sites mainly by visual inspection: looking at logos, page layout, and domain names. The web browser can improve this situation by digging up additional information about a site and making it available for direct visual inspection. How many times have I been to this site? How many other people have been to this site? How long has this site existed on the Web? How many other sites link to it, according to a search engine like Google? Reputation is much harder to spoof than mere visual appearance. Authentication by visual inspection would be easier and more dependable if these additional visual cues were not all buried in the periphery of the web browser, but were integrated into the content of the page, in the user's locus of attention.

Another potential opportunity arises in the action step of an online interaction. A phishing attack is harmless unless the user actually does something with it. If earlier analysis suggests that the risk of phishing is high, then the system can suggest alternative safe paths ("Use this bookmark to go to the real eBay.com"), or ask the user to choose which site they really want to send the information to ("eBay.com in California, or 210.93.131.250 in South Korea?").
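The two ideas above, surfacing a reputation cue such as visit count inside the page and turning the action step into an explicit choice between the site the user has in mind and the real destination, worked through as an added example that is not from the book. The visit-count table, the sample link and the "last two labels" domain rule are constructed assumptions standing in for a browser's own records and a proper Public Suffix List lookup.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed visit history standing in for the browser's own records (assumption).
VISIT_COUNTS = {"www.ebay.com": 120, "ebay.com": 120}
# Constructed sample link from a suspicious message; the IP is the one the chapter quotes.
SAMPLE_LINK = ("http://www.ebay.com/", "http://210.93.131.250/signin/")

HOST_RE = re.compile(r"(?i)\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b")

def perceived_host(anchor_text):
    """Hostname a reader most likely takes away from the visible link text."""
    m = HOST_RE.search(anchor_text)
    return m.group(1).lower() if m else None

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def registrable(host):
    # Last two labels only; a real browser would consult the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def assess(anchor_text, href, visit_counts=VISIT_COUNTS):
    """Compare the user's probable mental model (anchor text) with the real destination."""
    real = (urlsplit(href).hostname or "").lower()
    seen = perceived_host(anchor_text)
    reasons = []
    if is_ip_literal(real):
        reasons.append("destination is a bare IP address")
    elif seen and registrable(seen) != registrable(real):
        reasons.append(f"link text says {seen} but destination is {real}")
    if visit_counts.get(real, 0) == 0:
        reasons.append("you have never visited this site before")
    return {"real_host": real, "perceived": seen,
            "visits": visit_counts.get(real, 0), "reasons": reasons}

def choice_prompt(verdict, visit_counts=VISIT_COUNTS):
    """Action-step dialog: a choice between the intended site and the real one, not a bare warning."""
    if not verdict["reasons"]:
        return None
    intended = verdict["perceived"] or "the site you meant to visit"
    return (f"Send your details to {intended} (visited {visit_counts.get(intended, 0)} "
            f"times before) or to {verdict['real_host']} "
            f"(visited {verdict['visits']} times before)?")
```

Running `choice_prompt(assess(*SAMPLE_LINK))` yields the kind of question the text proposes: eBay.com, visited 120 times, or 210.93.131.250, never visited.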

The ideal defense against phishing might be an intelligent security assistant that can perceive and understand a message in the same way the user does so that it can directly compare the user's probable mental model against the real implementation and detect discrepancies. This ideal is likely to be a long way off. In the meantime, phishing will remain a problem that must be tackled by both a user and a computer, with an effective user interface in between.



Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
Year: 2004
Pages: 295
