
    How to prevent phishing

    By Gareth Heyes (@hackvertor)

    Published 19 years 1 month ago • Last updated March 22, 2025 • ⏱️ 2 min read


    Phishing is not a security problem; user education is the issue. Why do the majority of phishing attacks fail? Simple: users are clever enough to realise that the email is not really coming from the site it claims to be from.

    So if the majority of phishing attacks fail, why do some users still fall for the scams? They cannot tell the scam site from the real one. What we need to do is solve that problem, so that the user knows when an email really comes from the site they trust.

    Enter VP - Visual Passphrase

    My idea to solve this problem is to create a visual passphrase for each user that logs onto a site as a form of identification for that particular site. So when a user creates an account with the trusted site, they create a passphrase that can be anything they like and that will appear on every email from that site. This would enable the user to instantly recognise the site because of the familiar passphrase.

    How it works...

    The user signs up to the web site and provides their VP, for example "My dog is called Rover". The user can then instantly identify the email or site and know whether they can trust it and enter their credentials. An added benefit of knowing that a trusted site's emails contain a certain phrase is that emails from all other sites can be automatically filtered and deleted by the user's email client.

    Recommendations for VP

    1. A VP should contain at least 5 words.
    2. Only alphanumeric characters should be strictly allowed; all other characters should be removed.
    3. The VP should be enclosed in square brackets in emails, for example: [My dog is called Rover], which would enable automatic email filters to be configured.
    4. The VP should only be present on the login screen or emails.
    5. An explanation of VP should be included next to the input box or link provided.
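As an added illustration (not the author's code), here is how recommendations 1 to 3 could be applied: cleaning and validating a VP at sign-up, producing the bracketed marker for emails, and a mail-client filter that keeps only messages carrying that exact marker. Assumptions: whitespace is kept as the word separator when stripping non-alphanumerics, matching is exact and case-sensitive, and the sample messages are constructed.

```python
import re

MIN_WORDS = 5  # Recommendation 1: a VP should contain at least 5 words


def normalize_vp(raw: str) -> str:
    """Recommendation 2: keep only alphanumerics. Whitespace is kept as the
    word separator (an assumption) and runs of it are collapsed to one space."""
    cleaned = re.sub(r"[^0-9A-Za-z\s]", "", raw)
    return " ".join(cleaned.split())


def is_valid_vp(raw: str) -> bool:
    """True when the normalized VP has at least MIN_WORDS words."""
    return len(normalize_vp(raw).split()) >= MIN_WORDS


def validate_vp(raw: str) -> str:
    """Normalize the VP entered at sign-up and reject it if it is too short."""
    if not is_valid_vp(raw):
        raise ValueError(f"VP needs at least {MIN_WORDS} words")
    return normalize_vp(raw)


def vp_marker(vp: str) -> str:
    """Recommendation 3: the bracketed form that appears in every genuine email."""
    return f"[{vp}]"


def email_has_marker(body: str, vp: str) -> bool:
    """Mail-client rule: only the exact bracketed VP counts; the same words
    without brackets do not, so the filter can be configured unambiguously."""
    return vp_marker(vp) in body


def filter_inbox(messages, vp):
    """Split messages into (kept, dropped) subjects by whether they carry the marker."""
    kept, dropped = [], []
    for msg in messages:
        (kept if email_has_marker(msg["body"], vp) else dropped).append(msg["subject"])
    return kept, dropped


if __name__ == "__main__":
    vp = validate_vp("My dog is called Rover!")  # punctuation stripped, 5 words
    inbox = [  # constructed sample messages
        {"subject": "Your statement", "body": "[My dog is called Rover]\nYour statement is ready."},
        {"subject": "Verify your account", "body": "Please log in to confirm your details."},
        {"subject": "Newsletter", "body": "My dog is called Rover - no brackets, so not trusted."},
    ]
    print(filter_inbox(inbox, vp))
```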
