Three heavyweight players in the tech world—four, if you count a player owned by one of the three—have announced they’ve started work with a Texas security company in a network alliance to find and track phishing attacks and share the information with each other in a new bid to put a big crimp into the troublesome online scams.
Microsoft, eBay, Visa USA, and eBay subsidiary PayPal announced February 14 that they would start capturing data on suspected phishing e-mails and Websites and submit it to the Austin, Texas-based WholeSecurity network. The new partnership, whose product will be known as the Phish Report Network, launched the day before over ten thousand security experts landed in San Francisco for an annual conference said to be the high-tech industry’s largest annual security-related event.
“Phishing is the fastest-growing segment of spam being sent worldwide today, victimizing both legitimate online companies whose brands are being hijacked and consumers who are unwittingly providing their personal information to criminals,” said Microsoft Safety Technology and Strategy Group general manager Brad Hamlin, announcing the company’s participation. “The data that the Phish Report Network will provide can help Microsoft immediately better defend our millions of users worldwide against these nefarious phishing attacks.”
Microsoft, eBay, Visa, and PayPal are among the most frequent brands used in phishing—e-mail and Websites made to resemble theirs and other familiar brands and companies’ mailings and pages, but designed to lure unsuspecting users into giving up their personal financial information for fraudulent purposes.
“As a leader in the payments industry, Visa is focused not just on shutting down phishing sites, but preventing phishing emails from ever reaching consumers worldwide,” said a statement from Visa chief of emerging products Brad Nightengale. “Working with the participants in this solution, Visa can play a key role in stopping this crime before it happens and in maintaining global consumer confidence online.”
The Anti-Phishing Working Group, a gathering of financial and technological companies organized to track and try to help stop phishing, has said phishing attacks jumped over eight thousand percent in the past year, with 9,019 phishing scams spotted in December 2004 alone, and those were up from a mere 107 in December 2003.
Microsoft is believed to have been WholeSecurity’s first heavyweight customer even before helping form the Phish Report Network. The software emperors want to weed out phishers targeting Hotmail and MSN e-mail services. Microsoft also said they might integrate WholeSecurity technology into Internet Explorer if enough companies sign up to bring the WholeSecurity network phishing and other fraud information.
WholeSecurity already had something of a working relationship with eBay and PayPal, helping build eBay’s Account Guard which blocks eBay users from visiting suspected fake eBay or PayPal sites.
“eBay and PayPal’s participation in the Phish Report Network is one of many steps we have taken to improve security of the e-commerce experience,” said a statement from Howard Schmidt, eBay/PayPal chief security officer and former cybersecurity advisor to the Bush White House. “As we co-develop technologies, educate online users and work with law enforcement, we can help significantly reduce the effect of cyber criminals.”
The Phish Report Network has already come under some criticism because WholeSecurity charges fees that only major companies are believed able to afford. “It seems like everyone is trying to sell us something these days to react to these scams,” Reliable Hosting systems manager Ken Mirell told reporters, “but they don’t stop them from being launched in the first place.”
Even the Anti-Phishing Working Group is just a little skeptical. Chairman David Jevans said the Phish Report Network idea is a big first step but that integrating the data the partners come up with into technologies and markets they target is something else entirely. “(I)f it just stands on its own,” Jevans said, “it’s not going to be super helpful.”
But Schmidt said the new service partnership has promise because too much current such information sharing and fraud advisory is inefficient. He said this partnership lets companies spot the e-mails and sites once before blocking them everywhere.
WholeSecurity chief executive J. Peter Selda said his company thinks the Phish Report Network will become “the cornerstone” of anti-phishing efforts in the times to come. “The partnership we have formed with the founding members…is an important, groundbreaking step in reestablishing consumers’ confidence in online channels,” Selda said.
