Searching for a Protocol Solution to Phishing
Phishing and other social engineering attacks are a large problem for enterprises. For one example, see the Wikipedia article on the data breach at the Office of Personnel Management (OPM): https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach. This breach released personal information including the names, addresses, and Social Security numbers of millions of federal employees and contractors. The breach was most likely a result of a successful social engineering attack.
Yet, we are at the very beginning of what might happen. We may look back on these days as the days of innocence. Today, when you get a phishing email from someone telling you that you have won millions of dollars in a lottery that you never entered or a request from someone in a distant country to help them with their inheritance, you laugh (or grimace) and wonder why the spam blocker is not working.
Things are changing.
The ability to create extremely realistic fake video and audio is becoming readily available. Imagine getting a video, picture or audio text which appears to be one of your family members asking for help. It looks like them; it sounds like them; it uses similar words to what they use regularly. Which of us would be able to ignore that?
I suspect that this is the world that we are moving to. For obvious reasons, I won’t discuss the exact ways that fake audio/video is created, but at a number of universities, academics are writing PhD theses on how to detect fake video. As we move into a completely encrypted world, some of these attacks may be even harder to detect than they are today.
At the IETF, there is a discussion on potential solutions for phishing and social engineering. Might there be protocol solutions? Are there best practices documents that need to be developed? What has worked? What has not worked? We may set up a research group at the IETF to work on this topic. This problem, however, spans multiple standards organizations, multiple protocols, and may even require governmental intervention.
If you want more information or want to be more involved, please go to: https://www.e-dco.com/contact-us and send us a message.
Author - Nalini Elkins, the CEO and Founder of Inside Products, Inc., is a recognized leader in the field of computer performance measurement and analysis. In addition to being an experienced software product designer, developer, and planner, she is a formidable businesswoman. She has been the founder or co-founder of two start-ups in the high-tech arena. For more information, please contact Nalini Elkins or Bill Jouris at Nalini.firstname.lastname@example.org or email@example.com.