BankInfoSecurity.com Interviews Markus Jakobsson - Part 2 of 2
Listen to BankInfoSecurity’s latest podcast as a leading phishing researcher explains some of his newest findings on phishing. Dr. Markus Jakobsson is a professor at Indiana University, and a research fellow with the Anti-Phishing Working Group (APWG). Dr. Jakobsson is also Associate Director of the Center of Applied Cybersecurity Research, and a founder of RavenWhite Inc., and he heads the efforts at www.stop-phishing.com.

Author and inventor of more than fifty patents, Jakobsson’s research delves not only into the technical aspects of phishing and other types of cyber attacks, but also focuses on the human aspect. His latest paper, “The Human Factor in Phishing,” is discussed in this two-part podcast.

During the interview Dr. Jakobsson describes the research he is doing on fraud, social engineering and phishing, and the prevention of these attacks. His interview is not to be missed, as he explains some of the new ways attackers are targeting the customers of banks and credit unions.

Excerpt from podcast:

LINDA MCGLASSON: Do you recommend financial institutions also take the domain names that match existing or future potential services or features of the institution or its competitors? And what about how they should handle institutions that are merging, and possible misuse of domain names in that case?

MARKUS JAKOBSSON: This is a good question. Let me answer this by two examples. Some time ago, Bank One was acquired by Chase. And this became a very vulnerable time to clients of Bank One, because they weren’t quite aware of what Chase looked like, and what the form of logging into Chase was. Nor were they, they weren’t so sure about the URLs and all other aspects of online banking, either. So, say that a phisher would register a domain like bankonebecomeschase.com. Most people would find that rather plausible, I would argue. And so, then you take advantage of the fact that people are vulnerable, at the same time as you have an opening to use a new domain name that wasn’t very meaningful before. Another thing that you could do is, if you are a bank, apart from registering these in advance, would be to look at attacks that are occurring and targeting other financial institutions.



