SpoofGuard is a browser plug in that is compatible with Microsoft Internet Explore. SpoofGuard places a traffic light in your browser toolbar that turns from green to yellow to red as you navigate to a spoof site. If you try to enter sensitive information into a form from a spoof site, SpoofGuard will save your data and warn you. SpoofGuard warnings occur when alarm indicators reach a level that depends on parameters that are set by the user.
A white paper describing SpoofGuard is available for download.
Another Stanford effort is targeted at user tendencies to use a common password across multiple sites. Web Password Hashing provides a client side solution to hashing the user's password with the domain name of the web site to create a unique password specific to that site. A PowerPoint presentation on this technique is available for download.
Does it seem as if you can trigger those penalties just by breathing these days? You aren't far off: Over the past few years, credit-card companies have become increasingly dependent on the fees they charge users. In 2001, fee income represented 28% of credit-card companies' total income, according to CardWeb.com. Over the past five years, this figure has increased by 172%.
A rapidly growing form of Internet fraud is a practice known as “phishing.” This fraud can lead to financial loss, identity theft, and loss of customer confidence in your institution. The purpose of this memorandum is to familiarize you with the characteristics of phishing, and to encourage you to implement safeguards that will reduce the likelihood of your institution’s customers becoming victims of this fraud.
Phishing attacks are growing rapidly, impersonating Internet service providers, online merchants and banks. Government officials and private investigators say all signs point to gangs of organized criminals — most likely in Eastern Europe — as being behind many of the latest efforts.