New Tool Claims To Stop Phish Before They Spawn

What would you say if you knew of a new software security tool claiming to stop the phish – those fraudulent Websites and Web stationery aimed at tricking you into giving up your sensitive information to likely scammers – before they spawned, along the lines of telephone caller ID?

WholeSecurity is hoping you'll say how soon can you get yours. They're touting their new Web Caller-ID tool, released August 16, as the first browser-based solution to "behaviorally detect" phish attacks and spoofed sites – and they've got at least one high-powered customer to back up their claim.

“Given the increasing intensity of phishing attacks, it becomes imperative to detect and block previously unknown sites via browser-based solutions like toolbars,” said eBay chief information security officer Howard Schmidt, after the online auction kings decided to give Web Caller-ID a try, integrating it in a feature called Account Guard which eBay members can download for free.

“By integrating Web Caller-ID’s behavioral detection into the browser,” continued Schmidt, formerly the White House's cybersecurity advisor, “online companies can automatically protect their customers from previously unknown spoof sites without requiring frequent blacklist updates.”

Gartner Research has estimated that phish attacks have cost victims about $1.2 billion in identity theft fraud in the twelve months ending in April, with U.S. companies bearing the brunt of those costs, while 92 percent of the phish attacks took place within the past year. "Companies have a growing sense of urgency," said WholeSecurity, announcing Web Caller-ID, "to implement solutions to combat the escalating threat, lower fraud losses and maintain customer confidence."

And the Anti-Phishing Working Group, a joint effort between the information technology industry and law enforcement, said there were 1,422 unique new phish attacks reported to the group in June, a 19 percent jump over May, with reports of unique new phish growing 52 percent a month on average since the beginning of the year.

WholeSecurity said blacklist solutions alone become outdated too quickly and "consequently leave companies vulnerable to unreported or new spoof sites." Web Caller-ID, WholeSecurity said, is capable of detecting a spoof site in plugins integrated into browsers or toolbars by way of "parsing e-mail streams like spam."

"To deliver zero-hour protection against phishing attacks, Web Caller-ID uses an unprecedented behavioral detection method," the company continued. "Unlike blacklist only solutions, Web Caller-ID identifies previously unknown spoof sites based on their characteristics and prevents users from accessing them in real time. Web Caller-ID is designed to help companies experience fewer account takeovers, reduce fraud losses and increase member confidence in online commerce and marketing activities."

So far, Web Caller-ID has also impressed the Information Technology Association of America. "WholeSecurity's offering exemplifies the serious attention the IT vendor and e-tailer communities are giving to the emerging threat of online identity theft," said ITAA president Harris Miller.

In fact, the ITAA has been guiding the gathering of a group called the Online Identity Theft Coalition, which Miller calls a "cross-sectoral" group looking to keep up with and surpass the fraudsters by way of public information, technology advances, information sharing, and public policy initiatives where necessary. WholeSecurity and eBay joined the coalition early on.

"[The coalition is] setting the example for IT vendors and users alike to take aggressive steps to keep online commerce safe and growing," Miller said.