Thunderbird to Net Phishing Scams
Anti-phishing capabilities have been "checked in" to Mozilla Thunderbird, an open source e-mail client that is a companion to the Firefox Web browser.
Thunderbird will prompt users before opening link text that contains a different URL host name than the actual URL. Henrik Gemal, a Mozilla.org contributor, made the announcement in his personal Web log late last week.
Phishing is the designation given to a common class of socially engineered attacks, often executed via e-mail, which steal consumers' site passwords, credit card numbers and other personally identifiable information. Phishing is often associated with identity theft and has become so prevalent that America Online included phishing scams on a top 10 list of junk e-mail subject lines for 2004.
Gemal has indicated that the next step for Thunderbird to net phishing attacks will be an integrated "message scam" warning bar.
Users of other popular e-mail clients can protect themselves from this type of attack with software that is already commercially available from several security vendors such as McAfee. McAfee targeted Phishing in its 2005 product line.
Recently, the technology industry and law enforcement ramped up their efforts to crack down on the practice by establishing the Digital PhishNet project. Digital PhishNet provides a direct line of communication with law enforcement to share information so that cyber criminals can be identified and detained more rapidly.
There are also industry organizations aside from law enforcement that are devoted to routing out phishers, including the Anti-Phishing Working Group.