6 April, 2005 - 9:17am

Phishing is up by over 25% from last summer according to a new study from the Anti-Phishing Working Group. The APWG also reported an increasingly more common form of identity theft, phishing without a lure or "pharming".

Previously, phishing attacks were done by luring an individual through spoofed emails to bogus sites that look just like the individual's bank or credit card company. Pharming is harder to detect, whereby malicious code on a user's computer modifies the host's file; when the user types in a URL and the browser checks the host file for the IP address, the malware will send the user off to a fraudulent website.

Earlier ths year, one of our developers discussed how SXIP addresses the phishing problem in Gone Phishing, Digital Identity: Unified Systems and Open Protocols, and Credentials, Not Business Cards.

SXIP also helps prevent pharming by displaying information to the Sxip Homesite on sxip in. Additional steps could also be taken to display more information, such as the Sxip Membersite URI provided, or if it's the first time the user has attempted to "sxip in" to the site. This has the effect of reaffirming the navigation; the first time notification tells the user they may not be in the place they thought they were.