Today (full disclosure: at the kind invitation of GeoTrust) I attended the Anti-Phishing Working Group‘s spring meeting in London. The need to allow all attendees to speak freely means that I can’t say too much about what was discussed, but I came away both worried and encouraged at the same time. Like with spam, organised crime is following the money; phishing and identity theft are only going to get worse in the short term. On the other hand, people are becoming aware of the problem and there are things we can be doing.
One thing that’s clear is that browser SSL UIs are going to have to change to be more discriminating between different types of certificate with different levels of owner verification attached. More on that soon.