Author and inventor of more than fifty patents, Jakobsson’s research delves into not only the technical aspects of phishing and other types of cyber attacks, but also focuses on the human aspect. His latest paper, “The Human Factor in Phishing,” is discussed in this two-part podcast.
During the interview Dr. Jakobsson describes the research he is doing on fraud, social engineering and phishing, and the prevention of these attacks. His interview is not to be missed, as he explains some of the new ways attackers are targeting the customers of banks and credit unions.
Excerpt from podcast:
LINDA MCGLASSON: Do you recommend financial institutions also take the domain names that match existing or future potential services or features of the institution or its competitors? And what about how they should handle institutions that are merging, and possible misuse of domain names in that case?
MARKUS JAKOBSSON: This is a good question. Let me answer this by two examples. Some time ago, Bank One was acquired by Chase. And this became a very vulnerable time to clients of Bank One, because they weren’t quite aware of what Chase looked like, and what the form of logging into Chase was. Nor were they, they weren’t so sure about the URLs and all other aspects of online banking, either. So, say that a phisher would register a domain like bankonebecomeschase.com. Most people would find that rather plausible, I would argue. And so, then you take advantage of the fact that people are vulnerable, at the same time as you have an opening to use a new domain name that wasn’t very meaningful before. Another thing that you could do is, if you are a bank, apart from registering these in advance, would be to look at attacks that are occurring and targeting other financial institutions.