Addressing the root cause of phishing
Many blogs on the Symantec website are very informative and visually explain what phishing is. These efforts have brought down the instances of user mistakes (such as clicking a URL in an email or submitting information to an untrusted website). But we have yet to see browser manufacturers address the root cause of phishing. Phishing is still a big concern for new Internet users, especially kids. I see a parallel between usual phishing and Internet crime against kids. Both have the same root cause: who can be trusted on the wild-wild-web?
Explaining "phishing" to a layman: Internet scammers develop a website that looks just like that of your bank or merchant. The scammer then sends you an email that appears to be an official email from your bank or merchant. This email asks you to approve a transaction you recently made, or to re-verify some personal information by clicking a weblink. If you are not careful and click the weblink, you may not realize that you have landed on a website developed by the scammer. The criminal can then gain access to your personal information if you mistakenly log in to this fraudulent website. This act of fraud leads to online identity theft and is known as phishing.
When it comes to elementary-school-age kids, phishing has a different perspective. Children often do not know better than to enter their personal information into online forms, whether to register for a website or to sign up for a chance to win a prize. So it is possible that details about your address, phone number, and other family information are being given to questionable websites. There are many software products to safeguard kids on the Internet. The government has also formally created some laws and guidelines (refer to CIPA and the cybersafety website of the CA government). But no software has so far addressed the root causes, which are described in detail by messages from governments.
So far, Internet browsers have addressed phishing in a way similar to hunting: search and destroy. Technically, they are creating an ever-growing database of phishing websites. The database (such as phishtank.com) keeps growing as users report phishing websites. Technically, this blacklist approach is insufficient to address phishing. What we need is a solution that educates users about phishing by alerting them to phishing attempts. The user should be able to fine-tune the settings by selecting keywords for sensitive information and creating a whitelist of trusted websites. This concept has been demonstrated by a free plugin for Internet Explorer. Though it is technically inferior and not available for other browsers, the idea of this solution is unique, powerful and effective. I am looking forward to such a feature in major browsers and security software from companies like Symantec.
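The keyword-plus-whitelist check described above can be sketched as follows. This is an added example, not code from the plugin mentioned in the post; the function names, the settings object and all hostnames are assumptions made up for illustration.

```javascript
// Constructed user settings: keywords marking sensitive fields, and trusted sites.
const settings = {
  sensitiveKeywords: ["password", "ssn", "card number", "address", "phone"],
  trustedHosts: ["mybank.example", "shop.example"],
};

// Trusted only on an exact match or a true subdomain of a listed host.
// A lookalike such as "mybank.example.login.test" must not pass.
function isTrustedHost(host, trustedHosts) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return trustedHosts.some((t) => h === t || h.endsWith("." + t));
}

// fields: [{ name, label, type }] describing the form about to be submitted.
// Returns the names of the fields that look sensitive under the user's keywords.
function sensitiveFields(fields, keywords) {
  return fields
    .filter((f) => {
      if (f.type === "password") return true;
      const text = `${f.name || ""} ${f.label || ""}`
        .toLowerCase()
        .replace(/[_-]+/g, " ");
      return keywords.some((k) => text.includes(k.toLowerCase()));
    })
    .map((f) => f.name);
}

// Decide whether the browser should interrupt the submission with an alert.
function checkSubmission(actionUrl, fields, cfg) {
  let url;
  try {
    // Parsing also defuses "https://mybank.example@other.test/" style URLs:
    // the part before "@" is user info, not the host.
    url = new URL(actionUrl);
  } catch {
    return { warn: true, reason: "destination could not be parsed", fields: [] };
  }
  const hits = sensitiveFields(fields, cfg.sensitiveKeywords);
  if (hits.length === 0) {
    return { warn: false, reason: "no sensitive fields", fields: hits };
  }
  if (!isTrustedHost(url.hostname, cfg.trustedHosts)) {
    return { warn: true, reason: `${url.hostname} is not on your trusted list`, fields: hits };
  }
  return { warn: false, reason: "trusted site", fields: hits };
}
```

Unlike a blacklist lookup, this check needs no prior report of the site: any destination the user has not explicitly trusted triggers the alert as soon as a sensitive field is involved.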