Spammers have recently started sending out fake invoices purporting to come from iTunes, and it got me thinking: wouldn’t it be great if Apple included a secret word in their email notifications that I would immediately recognize? Once I thought about it a little more, I realized that the idea could easily extend to just about any service, and could also be used to stop spam filters from flagging legitimate notifications (false positives).
This would be an effective anti-phishing technique. Let’s say your bank asks you to pick a safe word to be associated with your account. Once that’s selected, every email the bank sends you includes that safe word in the subject line as an easily identifiable sign of authenticity.
If you picked “Incontinent Panda” as your safe word, instead of
Subject: Bank of America: Important Notice On Your Account Information (Re-Confirm)
you would see
Subject: [Incontinent Panda] Bank of America: Important Notice On Your Account Information (Re-Confirm)
Since the odds of a phisher guessing this pass phrase are pretty low, you can tell at a glance that a message carrying it is most likely the real deal. More usefully, any message claiming to be from your bank that lacks the word can be discarded without a second look. Since these emails go out to you, and you only, the odds of the safe word getting compromised are fairly low. They are not zero, though: the word sits in plain text in the subject line, so anyone who can read your mailbox, or glance at a notification preview on your phone, learns it. For that reason a word leaked from one service should not be accepted from another, which is a good argument for picking a different safe word for each service.
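To show how the receiving side of this scheme could work, here is an added example of an inbound filter (my code, not from the original post): it checks whether a message leads its Subject with the safe word agreed with the sender's domain, and also catches a safe word being reused by the wrong sender. It assumes the service puts the word in square brackets at the start of the Subject and that each word is bound to exactly one sender domain; the domains, words and sample messages are constructed for the example.

```python
# Added example, not code from the original post: an inbound-mail check for
# the per-service safe word. Assumptions (mine): the service prefixes the
# Subject with "[safe word]", and each word is bound to one sender domain.
# The domains, words and messages below are constructed sample data.
import email
from email import policy
from email.utils import parseaddr

# Constructed sample: safe words you picked, keyed by the only sender domain
# allowed to use each one. A word chosen for the bank must not vouch for
# mail that claims to come from Apple, and vice versa.
SAFE_WORDS = {
    "bankofamerica.com": "Incontinent Panda",
    "apple.com": "Velvet Octopus",
}


def classify(raw_message: str) -> str:
    """Classify one RFC 5322 message by its safe word.

    Returns one of:
      'verified'       the word bound to the sender domain leads the Subject
      'missing'        the sender domain has a safe word but the Subject lacks it
      'misused'        a known safe word appears, but not where or from whom expected
      'unknown-sender' no safe word was agreed with this domain and none appears
    """
    # policy.default decodes RFC 2047 encoded-words, so a phisher cannot hide
    # or counterfeit the word behind =?utf-8?q?...?= encoding.
    msg = email.message_from_string(raw_message, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", "")).strip().lower()

    expected = SAFE_WORDS.get(domain)
    if expected is not None and subject.startswith(f"[{expected.lower()}]"):
        return "verified"
    # Any known word that shows up outside its expected place (buried in the
    # Subject, bound to another service, or from a stranger) suggests someone
    # picked it up and is reusing it.
    if any(word.lower() in subject for word in SAFE_WORDS.values()):
        return "misused"
    return "missing" if expected is not None else "unknown-sender"


# Constructed sample messages (not real mail).
GENUINE = """\
From: Bank of America <alerts@bankofamerica.com>
Subject: [Incontinent Panda] Bank of America: Important Notice On Your Account Information (Re-Confirm)

Please sign in to review the notice.
"""

PHISH = """\
From: Bank of America <alerts@bankofamerica.com>
Subject: Bank of America: Important Notice On Your Account Information (Re-Confirm)

Click here to re-confirm.
"""

REUSED_WORD = """\
From: Bank of America <security@bankofamerica.com>
Subject: [Velvet Octopus] Bank of America: confirm your login

Click here to confirm.
"""

# Subject sent as an RFC 2047 encoded-word; it decodes to
# "[Velvet Octopus] Your receipt from Apple".
ENCODED = """\
From: Apple <no_reply@apple.com>
Subject: =?utf-8?q?=5BVelvet_Octopus=5D_Your_receipt_from_Apple?=

Thanks for your purchase.
"""

STRANGER = """\
From: Newsletter <news@example.org>
Subject: [Incontinent Panda] Weekly digest

Hello.
"""

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("phish", PHISH),
                      ("reused word", REUSED_WORD), ("encoded", ENCODED),
                      ("stranger", STRANGER)]:
        print(f"{name:12s} -> {classify(raw)}")
```

The binding of a word to a sender domain is only as trustworthy as the From header, which a phisher can forge unless your mail provider enforces SPF, DKIM and DMARC for that domain; what the attacker cannot forge without having seen your mail is the word itself, which is why the 'missing' verdict is the one that does the real work.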