Research to Prevent Spearphishing Attacks
Spearphishing is said to be one of the most challenging threats facing corporate networks today. Phishing is a method of acquiring information such as usernames, passwords, and credit card numbers by impersonating a trusted person or website in electronic communication. Spearphishing is a phishing attack directed at a specific individual or company. Some of the most common examples of these phishing attempts are fake emails containing links and fake versions of popular website logins such as Facebook. Over the last few years spearphishing has become much more common because hackers now have more personal information to base their attacks on, and targeted attacks are much more successful.
After conducting some studies, the Georgia Tech Research Institute is now researching phishing prevention. To prevent attacks such as these in corporate settings, researchers are looking into behavioral pattern analysis methods that let systems detect potentially suspect messages and display warnings to users. One method would involve a system that processes all incoming traffic. Since attackers typically target multiple users to increase their chances of success, the system would monitor all incoming traffic and take note of patterns in it. The system would also remember what "normal" traffic looks like for each user and raise an alert when traffic falls outside that norm.
To help improve this type of behavioral pattern analysis, researchers are working on developing and improving natural language processing techniques. A very basic use of this would be simply searching for common language such as "verify your password" or "click this link". However, as language processing algorithms improve, systems could learn to understand the content of a message more fully and so detect more subtle attacks.
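The two ideas above (a per-user notion of "normal" plus patterns across users, and the basic phrase search) can be sketched together. This is an added example, not code from the Georgia Tech research; the class name, the message fields, the threshold of three recipients and the sample mail are all assumptions made for illustration.

```python
from collections import defaultdict

# Phrases quoted in the article; the threshold of 3 recipients is an assumption.
PHRASES = ("verify your password", "click this link")

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

class MailMonitor:
    """Hypothetical monitor: per-user sender baseline plus cross-user patterns."""
    def __init__(self, campaign_threshold=3):
        self.known = defaultdict(set)  # recipient -> sender domains seen as normal
        self.campaign_threshold = campaign_threshold

    def learn(self, recipient, sender):
        self.known[recipient].add(domain(sender))

    def score(self, batch):
        """Return {index in batch: [reasons]} for messages outside the norm."""
        # Pattern across users: one sender/subject pair hitting many mailboxes.
        targets = defaultdict(set)
        for m in batch:
            targets[(m["from"].lower(), m["subject"].lower())].add(m["to"])
        alerts = {}
        for i, m in enumerate(batch):
            reasons = []
            if domain(m["from"]) not in self.known.get(m["to"], set()):
                reasons.append("sender not in this user's baseline")
            seen_by = targets[(m["from"].lower(), m["subject"].lower())]
            if len(seen_by) >= self.campaign_threshold:
                reasons.append("same message sent to multiple users")
            hits = [p for p in PHRASES if p in m["body"].lower()]
            if hits:
                reasons.append("phrase match: " + ", ".join(hits))
            if reasons:
                alerts[i] = reasons
        return alerts

# Constructed sample data, not real mail.
HISTORY = [("alice@corp.example", "bob@corp.example"),
           ("carol@corp.example", "bob@corp.example"),
           ("dave@corp.example", "bob@corp.example")]
NOTICE = {"from": "helpdesk@mail-notice.example", "subject": "Account notice",
          "body": "Please verify your password today."}
BATCH = [dict(NOTICE, to=u) for u, _ in HISTORY] + [
    {"to": "alice@corp.example", "from": "bob@corp.example",
     "subject": "Lunch", "body": "Noon?"}]

def run_demo():
    mon = MailMonitor()
    for to, sender in HISTORY:
        mon.learn(to, sender)
    return mon.score(BATCH)
```

Each alert carries its reasons so that the warning shown to the user can say why the message looks unusual.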
Aside from these possibilities, the current best defense against phishing is to always keep a grain of suspicion and to be on the lookout for sites which normally use SSL but show no SSL indicator icon. Don't click links in emails; instead, copy the URL and paste it into your browser. This prevents attackers from writing one URL but making the hyperlink point to a different destination. And for now, don't enter any personal data online through your mobile browser, because it isn't currently secure enough.