Fighting phishing sites with images
Online finance services provider e-gold has introduced a new measure to protect customers from attempted fraud by phishing sites. The company has set up a system which exposes phishing sites as such when they load graphics directly from the company's servers. The e-gold servers supply external websites with images and graphics that differ from those supplied to e-gold's own websites.
This rather obvious measure has long been demanded by security experts, but the finance companies concerned have avoided it. It is said to be too difficult to implement correctly and too expensive. How the e-gold system works is not known. It is unlikely to work by a simple referrer check, i.e. checking the details of the referring site passed on by the browser. Too many internet users run additional software that filters the referrer entry out of HTTP requests.
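The simple referrer check described above, as an added example (not e-gold's code, whose design the article says is unknown): it chooses the image from the Referer header and shows why a filtered header leaves the server unable to decide. The host names, file names and the serve_real_when_missing switch are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for illustration; not e-gold's real configuration.
OWN_HOSTS = {"www.example-bank.test", "example-bank.test"}
REAL_IMAGE = "logo.png"
WARNING_IMAGE = "warning-not-our-site.png"


def referer_host(headers):
    """Return the host named in the Referer header, or None if absent or unparseable."""
    value = None
    for name, v in headers.items():  # HTTP header names are case-insensitive
        if name.lower() == "referer":
            value = v.strip()
    if not value:
        return None
    try:
        return urlsplit(value).hostname  # lower-cased by urlsplit, None if no host
    except ValueError:
        return None


def choose_image(headers, serve_real_when_missing=True):
    """Return (image, reason) using only the Referer header of the image request."""
    host = referer_host(headers)
    if host is None:
        # Header filtered out by privacy software: a legitimate visitor and a
        # page on a foreign site look identical, so either choice is a guess.
        image = REAL_IMAGE if serve_real_when_missing else WARNING_IMAGE
        return image, "no-referer"
    if host in OWN_HOSTS:  # exact match, so look-alike host names do not pass
        return REAL_IMAGE, "own-site"
    return WARNING_IMAGE, "external-site"


# Constructed sample requests (header dicts), not captured traffic.
SAMPLES = [
    {"Referer": "https://www.example-bank.test/login"},
    {"Referer": "http://www.example-bank.test.lookalike.test/login"},
    {"User-Agent": "browser-with-referer-filter"},
    {"referer": "not a url"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", choose_image(sample))
```

With serve_real_when_missing=True the warning never reaches visitors whose software strips the header; with False, legitimate customers using such software see the warning on the real site.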
The gain in security from the new measure is, however, marginal. If the original server does not correctly supply the graphics, phishers will probably simply place copies of the real graphics on their servers. Still, such a defensive measure does mean that finance institutions are no longer giving phishers an unintended leg-up.