Analysis of the Phishing Email Problem and Discussion of Possible Solutions

With the growth of email, it was only a matter of time before social engineering efforts used to defraud people moved online. Fraudulent phishing emails are specifically designed to imitate legitimate correspondence from reputable companies but fraudulently ask recipients for personal or corporate information. Recent consumer phishing attempts include spoofs of eBay, PayPal and financial institutions. Phishing emails can lead to identity theft, security breaches, and financial loss and liability. Phishing also damages ecommerce because some people avoid Internet transactions for fear they will become victims of fraud. In a recent survey, both fraudulent and legitimate emails were misidentified 28 percent of the time and 90 percent of respondents misidentified at least one email. Based on these results, we cannot expect consumers alone to be able to recognize phishing emails. Instead, we must combine multiple solutions to combat phishing, including technical, legal, best business practices, and consumer education.