Tuesday, 27 May 2008

Defeating phishing through digital signing

Public-key signed email would be the final answer to phishing email scams as long as (a) your customers know how to handle the encryption and (b) they have the right public key. From then on, any email that arrives signed by, say, the bank can be verified easily as genuine, because only the bank could have signed it with the private key that matches their public key.

It is a problem to get your public key to your customers, though, because scammers are likely to start sending fake keys in advance to try and get you to trust their later signed emails.

Mokalus of Borg

PS - For most people, point (a) would be the bigger problem.
PPS - And that makes it a non-viable solution for now.

No comments: