Phishing could soon be a thing of the past and the credit may have to go to Microsoft. That's according to a leading Web security expert who says functionality built into Internet Explorer 7 could shutter fraudulent Web sites within 18 months.
Tim Callan, a director at VeriSign, said anti-phishing guards in IE 7 -- which will warn users off malicious Web sites where they may be asked to submit personal information such as bank or credit cards details -- will help restore badly damaged consumer confidence.
Callan said: "Consumer confidence is falling and the biggest reason for that is fear, pure and simple. People fear that something bad is going to happen to them."
And he said phishing is the major cause of concern.
Typically phishing scams rely on a spoofed Web site made to look like the site of a leading bank or popular e-tailers such as Amazon or eBay.
However, when users visit a site with a fraudulent URL and no SSL certificate their address bar will turn red warning them they may be straying into dangerous territory.
If the site's URL tallies with who its owner is, and the SSL certificate is present, the address bar turns green, informing the user they are safe to carry on. In between these alerts there is a plain white address bar, which means 'nothing to report', and amber which advises caution.
Callan said: "This has the potential, a year or 18 months down the line, for phishing, as we know it, to have become a really small problem.
"I've had a lot of contact with the people who are really going to use this, 150 of the largest Web properties in the world, and not one of them has said 'I'm not going to use this'."
However, he admitted the fight is far from won and agreed criminals will already be plotting their next move.
He said: "The bad guys are going to start to work on it. They will be chipping away at it and I'm not going to pretend they won't at some point have success."
Mark Sunner, CTO of MessageLabs, which intercepts phishing e-mails in the cloud before they reach the end user, said the scheme is a definite improvement on previous browsers but added that "any assumption this will wipe out phishing is an exaggeration".
Sunner said: "You've got to keep some perspective. Everything like this is all good but the more sophisticated phishers move a lot more quickly than the technology. They will already be working on ways around this and new methods of attack."
The simplest way to avoid phishing is to understand that reputable Banks, Finacial institutions and companies will NEVER request details like this - they always need to be confirmed with a 100 point identity check in person on the phone.
Users need to take responsibility for security. technology will ALWAYS have a hole that criminals can exploit.