Efforts to educate computer users about the perils of phishing have largely failed, according to online payment service PayPal.
Joseph Sullivan, associate general counsel of PayPal, told the e-Crime Congress in London today that relying on education alone will not stop phishing and that an integrated campaign is needed to stamp out the menace.
"Phishing targets the most vulnerable users of the internet, the consumers. Education is not going to stop this because phishing attacks are too good now," he said.
"I have been doing roadshows on this for five years, and the problem has not got better. If anything it has got worse."
Sullivan cited the case of his own father who, despite having a son who has spent the past 10 years fighting online crime, still got caught by a phishing scam last year.
William Beer, European director of Symantec's security practice, added: "We need to profile users.
"The education message has to be changed for different groups. You do not talk to teenagers in the same way that you talk to the over 50s."
Beer explained that a plethora of new techniques is making it very difficult for online users to distinguish between real and fake websites.
He pointed to a scam in which a phishing email asked recipients not to visit a bogus website but to telephone their bank. The criminals simulated a call centre, even using the same holding music as the legitimate company.
Sending the right message is key, according to Bill Hughes, director general of the Serious Organised Crime Agency.
"If we frighten people to death, everyone suffers," he said. "Similarly, if we tell people the police are handling it that will foster complacency."
Education failing to fight phishing
By Iain Thomson on Mar 28, 2007 10:32AM