Microsoft, eBay Join Anti-Phishing Push
Recognizing the threat posed by "phishing" and the call to address the ensuing identity theft, WholeSecurity has activated a worldwide anti-phishing aggregation service. Initial participants include industry giants such as Microsoft, eBay, PayPal, and Visa.
The service, dubbed "Phish Report" is a reporting system where partners log in and deposit fraudulent Web sites into a central database. Real-time definitions of known phishing sites are dispatched to subscribers who will in turn blacklist the sites with "user-facing" security applications.
WholeSecurity invites any company that is impacted by phishing that meet its qualification criteria to join up and do its part to increase the effectiveness of Phish Report.
Phishing is the name given to a class of socially engineered attacks that attempt to rob users of their identity by luring victims to spoofed Web sites to obtain passwords, credit card numbers and other personally identifiable information. These attacks are frequently attempted via e-mail. Phishing has become so commonplace that America Online included phishing scams on its 2004 top 10 list of junk e-mail subject lines.
Phish Report's ultimate goal is to protect the end-user. "eBay and PayPal's participation in the Phish Report Network is one of many steps we have taken to improve security of the e-commerce experience," said Howard Schmidt, eBay and PayPal's chief security strategist and former White House cyber-security advisor. "As we co-develop technologies, educate online users and work with law enforcement, we can help significantly reduce the effect of cyber criminals."
Another solution devised by the industry to catch "phish" are organizations like the Anti-Phishing Working Group. These group cooperate with international law enforcement which has itself taken an active role by establishing the Digital PhishNet.
Industry leaders in technology, banking, financial services, and online auctioneering use PhishNet as a direct line of communication with law enforcement. PhishNet accepts aggregated data and distributes it to corresponding officials in federal, state and local agencies so that cyber criminals can be identified and apprehended.