Many of the URL obfuscation attacks becomes successful because of email services allowing traditional HTML based email functionality, so don’t allow your email client to accept HTML based email, also use web browsers which are resistant to URL obfuscation. An email attachment should be scanned before opening and use web browser which are capable of blocking pop-ups, disable java runtime support, disable active-x contents, disable all auto play options and should be able to protect non secure cookies. Use of anti-phishing plug-in can also help in detection of many phished pages.
In our previous posts to phishing we covered basics, tutorials and vectors about phishing and phishers. So now let’s have a look at final part that is countermeasure. Phishers have lot of methods to vector a phished page so at practical level there can’t be a single solution that can help counter phishing. A phishing attack can be avoided only by a combination of awareness and use of security technologies.
A user sitting at desktop must use a complete security suite along with at least personal firewall and avoid unnecessary sophisticated communication technologies. Next every email should be validated manually for its contents, use common sense to analyze whatever is written in message.
At mail server authentication level each message should be digitally signed. Use secure SMTP and transport emails using encrypted SSL/TLS link. All mail servers should take seriously email anonymity prevention; if mail server via which mail is sent is anonymous there is no need to accept that email. A LAN based network should take full care to avoid ARP poisoning since it allows Intranet DNS poisoning.
There is lot of things that can be talked about preventing phishing at different levels but for now we limit our self here. Thanks for reading and keep visiting.