AOL Begins Blocking Phishing Sites

In a major initiative to combat the growing threat of identity theft scams, AOL announced it will begin to work internally and with partners to identify and block member access to phishing sites. AOL says the blocks affect only dangerous sites, and will not be extended to censor questionable content.

The move will be the first time AOL has made a concerted effort to prevent its members from reaching the dark corners of the Web. The company previously only blocked small numbers of sites on an "ad hoc basis" based on "internal referrals during work hours," a company spokesperson told BetaNews.

Phishing is the designation given to a class of socially engineered attacks -- generally carried out like spam via e-mail -- that steal consumers' passwords, credit card numbers and other personally identifiable information. Very often these scams look like genuine e-mails from companies such as PayPal and eBay.

To keep its users protected from phishing, AOL is joining forces with Cyota, an anti-fraud and security solution provider for financial institutions. When a site is blocked, any AOL member who tries to visit the page will encounter a notice explaining the danger.

"This system functions like a 24-hour-a-day phishing SWAT team, using a variety of sources to try to identify and block phishing sites around the clock," AOL spokesperson Andrew Weinstein explained to BetaNews. "So, if an attack is identified at 4am, we will try to block it before our members have their first cup of coffee and check their morning e-mail."

AOL downplayed concerns that such blocking could open the door for censoring content the company deems inappropriate, saying phishing sites do not fall into a grey area.

"They are dangerous and illegal sites that are trying to steal personal and financial information from our members, and we will take aggressive steps to protect our members from such criminals," said Weinstein. "When the bridge is out, it makes perfect sense to put up a 'road closed' sign."

Weinstein said that all sites are thoroughly reviewed before being blocked, and if a legitimate site slipped through, it could easily be unblocked.

AOL isn't the only industry leader tackling the phishing problem. Microsoft recently filed 117 lawsuits against alleged phishing site operators. Technology companies and law enforcement also teamed up to crack down on phishing by launching the Digital PhishNet program last December.