This invention relates to messaging systems such as email systems, and more particularly, to secure email systems that use personalization information to counter phishing attacks.
The World Wide Web is often used for sensitive transactions such as those involved in online banking and e-commerce. In a typical scenario, a user obtains access to an account at a financial institution by supplying a valid username and password.
The popularity of online services has given rise to fraud. One type of fraud, known as “phishing,” involves sending fraudulent email messages to recipients to entice them to reveal their username and password or other sensitive information to an unauthorized party.
Cryptographic systems such as secure email systems help prevent phishing attacks from succeeding, because recipients in secure email systems can verify the identities of message senders. In a secure email system, recipients use decryption software to decrypt incoming messages. However, in some environments, it may be difficult for a recipient to install the decryption software. For example, if a recipient works in a large organization, the organization's policies may prohibit the recipient from installing the decryption software.
Moreover, even when decryption software is used to decrypt incoming messages, it may be desirable to enhance the mechanisms available to recipients for identifying message senders.
It would therefore be desirable to be able to better address the concerns posed by phishing attacks.