Sunday, May 20, 2007

Technology alone isn't going to stop phishermen and other cyber ghouls on the Internet

Not so long ago, I did a post about how the federal government was phishing their own employees.

It didn’t surprise me that many of the phish took the bait, pretty easily. It would just mean that the federal employees, who were phished are no different from the general population on the Internet.

After all, there wouldn’t be so much phishing, if it didn’t work.

Apparently, the practice is catching on and Amy Joyce of the Washington Post did an interesting article about why the idea might be a good one.

In the article, James MacDougall (South Carolina’s computer security guru) as saying:

You can spend all the money on the technology you want, MacDougall said. But if the end users are doing dangerous behavior, there is almost no cure for that.

Mr. MacDougall has hit an important point right on the head and phishing tends to set new records, every time the Anti Phishing Working Group issues their monthly report. Their most recent report (April) indicates that not only did the number of phishing sites set a new record, but their numbers more than doubled over the previous month (March).

Spam filters designed to stop phishy e-mails seem to be under major attack, and haven't been very effective in the recent past, either.

Maybe, we are spending too much money on technology to solve the problem rather than using some good old fashioned common sense?

One of the reasons, technology tends to be defeated, or used by criminals – is that it is too easily compromised by human beings. Most financial scams rely on the greed factor, or getting people to fall for something that's too good to be true.

It doesn’t take a genius to buy DIY (do it yourself) crime kits, which are readily available over the Internet, and commit what some might consider, sophisticated criminal activity.

Relying on technology to protect us without human oversight is a big mistake, and this holds true, for more than financial crimes.

Government and private systems are attacked all the time for their information.

Technology is a wonderful tool and makes things easier, but it has limitations. Instead of throwing all of our resources into technology, which seems to have a limited life span, maybe we need to focus more on the human factors that put us at risk, daily.

Thought provoking story by Amy Joyce, here.

1 comment:

Sorin said...

"Maybe, we are spending too much money on technology to solve the problem rather than using some good old fashioned common sense?"

That's one good point.
But, it doesn't work. People are just too greedy to have common sense.
If you give them "the same product" (note the quotes" ten times cheaper, they'll buy it.