Phishing is a very serious problem that we face. However, banks are the biggest targets. What methods can a bank use to protect itself from phishing attacks? What methods should someone use to protect themselves? Why does it stop attacks?
The best way to prevent phishing attacks should rely on technical means that don’t require the user to understand the problem. The target audience will always be large enough to find someone who gets fooled.
A good way to prevent attacks is to use an authentication mechanism that doesn’t rely on a simple pass phrase or transaction authentication number (TAN) that an attacker can steal.
Existing methods use, e.g., dynamic TANs (Indexed TAN or iTAN), or a TAN submitted on a separate channel via SMS (mobile TAN or mTAN), or – most secure and also preventing real-time man-in-the-middle attacks – require the user to sign each transaction, e.g. using DigiPass or a smartcard.
The reason that this is not widely implemented is probably that it is still more cost-effective for banks to pay for the damage from phishing attacks than investing in security.
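To make the difference between a stolen TAN and per-transaction signing concrete, here is an added example that is not part of the answer above and is not the code of DigiPass, any smartcard scheme or any bank. It models transaction signing as a challenge-response HMAC-SHA256 over the transaction details with a secret shared between the bank and the user's signing device; the secret, account numbers, the 8-hex-digit truncation and the `BankServer` class are constructed assumptions for illustration. The point it shows is why this stops a real-time man-in-the-middle: the signature covers the transaction the user actually sees on the device, so a transaction altered in transit, or a replayed code, fails verification at the bank.

```python
import hashlib
import hmac
import secrets

# Constructed sample: secret provisioned into the user's signing device at enrolment.
TOKEN_SECRET = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def transaction_message(account: str, amount_cents: int, nonce: str) -> bytes:
    """Canonical encoding of the fields that are bound by the signature."""
    return f"{account}|{amount_cents}|{nonce}".encode()


def token_sign(secret: bytes, account: str, amount_cents: int, nonce: str) -> str:
    """What the user's signing device computes over the transaction it displays.
    Truncated to 8 hex digits so a user could type it (assumption, not a product spec)."""
    mac = hmac.new(secret, transaction_message(account, amount_cents, nonce), hashlib.sha256)
    return mac.hexdigest()[:8]


class BankServer:
    """Hypothetical bank side: issues one challenge per transaction and verifies the code."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.pending: dict[str, tuple[str, int]] = {}

    def new_challenge(self, account: str, amount_cents: int) -> str:
        """Bind a fresh nonce to the transaction as the bank received it."""
        nonce = secrets.token_hex(8)
        self.pending[nonce] = (account, amount_cents)
        return nonce

    def verify(self, nonce: str, code: str) -> bool:
        """Recompute the MAC over the transaction the bank holds for this nonce.
        The nonce is consumed, so a captured code cannot be replayed."""
        tx = self.pending.pop(nonce, None)
        if tx is None:
            return False
        expected = token_sign(self.secret, tx[0], tx[1], nonce)
        return hmac.compare_digest(expected, code)


def honest_transfer() -> bool:
    """User and bank see the same transaction: the code verifies."""
    bank = BankServer(TOKEN_SECRET)
    nonce = bank.new_challenge("DE00 1111 2222 3333", 5000)
    code = token_sign(TOKEN_SECRET, "DE00 1111 2222 3333", 5000, nonce)
    return bank.verify(nonce, code)


def mitm_altered_transfer() -> bool:
    """A man-in-the-middle rewrites the destination account in transit.
    The device still signs what the user intended, so the bank's check fails."""
    bank = BankServer(TOKEN_SECRET)
    nonce = bank.new_challenge("DE99 9999 9999 9999", 5000)  # what the bank received
    code = token_sign(TOKEN_SECRET, "DE00 1111 2222 3333", 5000, nonce)  # what the user saw
    return bank.verify(nonce, code)


def replayed_code() -> bool:
    """A code captured from a completed transaction is useless a second time."""
    bank = BankServer(TOKEN_SECRET)
    nonce = bank.new_challenge("DE00 1111 2222 3333", 5000)
    code = token_sign(TOKEN_SECRET, "DE00 1111 2222 3333", 5000, nonce)
    bank.verify(nonce, code)  # first, legitimate use consumes the nonce
    return bank.verify(nonce, code)


if __name__ == "__main__":
    print("honest:", honest_transfer())          # True
    print("mitm altered:", mitm_altered_transfer())  # False
    print("replay:", replayed_code())           # False
```

Contrast this with a static TAN list or a plain password: a phished static TAN verifies regardless of which transaction the attacker attaches it to, which is exactly the gap that binding the code to the transaction details and a single-use nonce closes. An mTAN sent over SMS narrows the window but still relies on the user comparing the transaction in the message with what they intended; a signing device that displays the transaction removes that comparison from the browser the attacker may control.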