Computer Crime Research Center


New Report On Phishing, Anti-Phishing Working Group

Date: November 09, 2005
Source: Business Wire

[Press Release] MONTREAL &MENLO PARK, Calif.--(BUSINESS WIRE)--Nov. 8, 2005--The Anti-Phishing Working Group and SRI International today announced the availability of a new report mapping the spectrum of current and future technology solutions to combat Internet fraud, or "phishing" schemes. The report, "Online Identity Theft: Technology, Chokepoints and Countermeasures," was commissioned by the Department of Homeland Security Science and Technology Directorate, and managed and reviewed by SRI International. It is available for download at:

Intended for technical practitioners, researchers and security executives, the report offers a comprehensive survey, developed by independent research organization Radix Labs, and analysis of counter-phishing technology. The report details technologies used by online identity thieves, or "phishers," and explores technologies that could dramatically reduce financial losses and consumer distrust.

"Discussions of counter-phishing strategies often turn into storytelling sessions, which are useful but not effectively prescriptive," said Peter Cassidy, Anti-Phishing Working Group secretary general. "With this report, researchers finally shine a flashlight into the engine room of e-commerce systems, give names to the gremlins, tell us where to find them and posit interventions that can take the components and protocols phishers exploit out of their grasp."

"Analysts estimate that online identity theft and fraud cost US banks and credit card issuers $1.2 billion in 2003, and this cost continues to steadily grow," said Patrick Lincoln, Ph.D., director of SRI International's Computer Science Laboratory. "This new report was commissioned to increase awareness of the problem, offer new information about technology solutions and stimulate innovation. We see many opportunities to prevent phishing through new security technologies and hope this report will encourage innovative approaches to solving the problem."

"Instead of looking at individual pieces of the problem, we constructed an information flow that applies to all types of phishing attacks," said Aaron Emigh of Radix Labs, author of the report. "The report identifies chokepoints, which are points in the flow where there is an opportunity to stop a phishing attack. It offers countermeasures that can be applied at each chokepoint, drawn from existing technologies, new products, and academic research."

About the Anti-Phishing Working Group

The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community, and solutions providers. There are more than 1,300 companies and government agencies participating in the APWG and more than 2,000 members. The APWG's web site ( offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection.

About Radix Labs

Radix Labs ( is an independent research consultancy focusing on security technology. In addition to this new report, Radix Labs staff coauthored the US Secret Service San Francisco Electronic Crimes Task Force report on Anti-Phishing Technology.

About SRI International

Silicon Valley-based SRI International ( is one of the world's leading independent research and technology development organizations. Founded as Stanford Research Institute in 1946, SRI has been meeting the strategic needs of clients for almost 60 years. The nonprofit research institute performs contract research and development for government agencies, commercial businesses and private foundations. In addition to conducting contract R&D, SRI licenses its technologies, forms strategic partnerships and creates spin-off companies.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo