Computer Crime Research Center

Microsoft, eBay and Visa form phishing fighting fund

Date: February 15, 2005
Source: Techworld
By: Paul Roberts, IDG News Service

Microsoft, eBay and Visa have created a new organisation to deal with the increasing threat from phishing scams.

The Phish Report Network will make it easier for people and companies to identify and react to scam websites.

The network will aggregate reports of phishing attacks and issues alerts about new phishing websites to subscribers. The service is being sponsored by end-point security company WholeSecurity.

Phishing scams use spam to direct people to websites designed to look like legitimate e-commerce sites but which are controlled by thieves. Users are asked to provide sensitive information such as passwords, bank account information or credit card numbers, often under the guise of updating an account.

Reports of online identity theft scams have grown steadily for more than a year. In December, more than 1,700 active phishing websites were reported, a 10 percent jump from the previous month, according to data released by the Anti-Phishing Working Group (APWG).

More than 9,000 unique e-mails linked to phishing scams were identified by the APWG in December, an increase of six percent from the month before, and a 38 percent increase over the number reported in July.

The scams are notoriously hard to shut down because those behind them often use compromised computers scattered around the globe to host the sites and to distribute the spam messages advertising the sites. The average duration of a phishing website is just six days.

The Phish Report Network is a voluntary, subscription-based service that will help co-ordinate response to phishing scams between the companies targeted by phishers, such as eBay, and organisations that can play a role in shutting down the scams, such as ISPs and anti-spam technology companies

Visa, eBay and Paypal, eBay's online payment division, will report new phishing scams to the Phish Report Network. Those reports will be stored in a central database of phishing attacks maintained by WholeSecurity, where the information will be sorted into aggregated "safe lists" and "block lists" of known phishing sites. ISPs and other companies will then use those lists to update filters, black lists and other systems used to block traffic to and from the sites.

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2006-08-10 15:37:17 - myexg iouwkvapd ksgwopdan zwmk mnyldzbc... eadizcs pyuktrgfi
2006-08-10 15:35:47 - syoxmgr ktloyhvr yore fljq hgxujp zjacnsu... qunprc hrqldma
2006-08-10 15:35:17 - cjpe vndfuhkos uncytrm zlgpxybi gxrjwzh... aopmjy rsujygl
2006-08-04 04:51:41 - fsyzoxlta lwovprit gcumqlnwx kbdqwmt... hvdkqxua gfzb
2006-07-07 19:18:23 - ajzk ankhjbedm kqsaj jdwon vrhdkx reaiojsv... osytq bzfhnruot
2006-07-07 19:18:20 - qulntjxp tlkxine xuvkar lqhejwxp hienug... pbfzecdg vjzdrgomq
2006-07-07 19:18:16 - lwyhmondx ckuwdsen tkwpxj oswaqnlh jdipa... ipmyuw afng
2006-06-22 09:37:29 - ictwq cayzkdnu unxiyasl cdnzk tjxepngom... vxty yvhje
2006-06-22 09:37:22 - gtnmwyex tasl wmovk rgtmlwi lwvboqtrg... pkmyefg skngviqp
2006-06-22 09:37:20 - gkwhe vprawq duzga hwzpry bygksdfr gsapzdk... qsxlgibvu ewfvchzba
Total 16 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo