Computer Crime Research Center


MasterCard and Cyota: Anti-phishing trends

Date: May 12, 2005
Source: Computer Crime Research Center
By: Compiled by CCRC staff

MasterCard International Inc. said Tuesday that it has shut down nearly 1,400 phishing sites and more than 750 sites suspected of selling illegal credit-card information since launching an ID-theft-prevention program in June. The program also has led to the discovery and protection of more than 35,000 MasterCard account numbers that were in jeopardy of being compromised.

Under the program, called Stop It, MasterCard is collaborating with digital-asset-protection company NameProtect Inc. to detect online scams in real time as they proliferate across the Internet. NameProtect employs Internet detection technology and systems to continuously monitor domain names, Web pages, online discussions, spam E-mail, and other online formats to identify online trading rings, phishing attacks, and other forms of fraud the moment each attack is launched online.

NameProtect provides real-time exclusive reports to MasterCard. MasterCard, in turn, reports illegal Web sites and other illegal online forums to law enforcement and alerts financial-services institutions.

The number of phishing sites grew by an average of 26% per month between July and February, reaching 2,625, according to the Anti-Phishing Working Group. The average lifetime for a phishing site was 5.7 days in February, but some stayed in operation as long as 30 days.

Last week, MasterCard succeeded in shutting down a phishing site within 15 minutes, says Sergio Pinon, senior VP of security and risk services. Typically, ID-theft rings will move their operations to other Internet service providers but give up after they've been shut down two or three times, Pinon says.

The rapid response to phishing has helped law-enforcement officials break up fraud rings. In October, the U.S. Secret Service collared 27 computer and credit-card scam artists following an investigation; the probe significantly disrupted cybercriminals targeting the U.S. financial infrastructure, according to MasterCard.

One of the newer forms of ID theft is "pharming," also known as DNS (domain name system) poisoning, in which victims are directed to a spoofed Web site that's an exact replica of the real site, where thieves harvest large volumes of personal information.

Cyota (, the leading provider of anti-fraud and online security solutions for financial institutions, announced today that it has successfully deployed the world's first solution designed to fight "pharming", also known as DNS Poisoning, a new type of online fraud attack. The new solution enhances Cyota's FraudAction(TM) service, the banking industry's first anti-phishing solution, which is currently in use by dozens of global financial institutions. Thirteen of Cyota's existing anti-phishing clients have already deployed the anti-pharming solution over the past eight weeks, including two large US banks, three credit unions and several major global banks.

Based on its experience and expansive viewpoint of the global phishing and online fraud situation, Cyota was first asked by its customers to enhance its anti-phishing offering to include pharming back in August 2004. When deployed successfully, pharming (and specifically DNS Poisoning or DNS Spoofing) is extremely harmful and inflicts far more damage than a standard phishing attack. When online banking customers type in their bank's URL, a pharming attack redirects them to a spoofed Web site - an exact replica of the real bank site - where fraudsters simply 'harvest' personal credentials in mass numbers.

Cyota's anti-pharming system constantly scans the internet looking for potential pharming attacks. The system alerts Cyota's 24x7 Anti-Fraud Command Center (AFCC) in suspicious cases, and each attack is then qualified by a Cyota fraud analyst. Cyota's AFCC has over 24 months experience dealing with phishing attacks and other online fraud incidents. Once a pharming attack is identified, the AFCC handles the attack similar to a phishing attack - it analyzes the attack, proactively shuts down the spoofed site, conducts forensics, deploys technical counter-measures and reports the results to the bank. To date, Cyota's AFCC has shut down more than 7,000 spoofed sites in 65 countries, and lowered the typical lifespan of an attack to five hours from an industry average of six days.

"Online fraud and phishing are evolving, and new types of threats such as pharming are surfacing at a rapid pace," stated Amir Orad, executive vice president of marketing at Cyota. "Cyota continues to innovate and develop new features and products dealing with online fraud; we are determined to evolve as fast as the fraudsters, and always stay one step ahead. With Cyota's anti-pharming and anti-phishing service, our clients are protected by the most comprehensive anti-fraud system in the world."

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo