Still on the hook: the persistent problem of phishing

Although it is just one of many types of online attack, phishing represents a notable threat insofar as it has the direct potential to reach end users, and the subsequent potential to cause an impact for them as individuals or for the organisation in which they work. While by no means unique in this respect (the same could, for example, be said regarding malware), it makes phishing a threat that cannot be confidently addressed by technical safeguards alone. Users need to be made explicitly aware of the risk, and advised on how to spot and avoid it. While technical measures can help protect against phishing, there's still a lot of work to be done in the area of user awareness, as people need to make intelligent decisions about the messages they receive. One problem is being able to differentiate genuine correspondence from phishing, and this is making it difficult to provide users with clear advice, explains Steven Furnell of the Centre for Security, Communications and Network Research, Plymouth University.