Sophos today launched a new early-warning system that proactively notifies banks, online businesses and other organisations of fraudulent e-mail scams that target their customers.
Based at Sophos's new $10 million research and development centre in Sydney, the Sophos PhishAlert service notifies subscribers of new phishing attacks so they can warn their customers and initiate action to immediately shut down fraudulent Web sites.
Developed in conjunction with its customers in Australia, New Zealand and North America, Sophos PhishAlert aims to minimise financial losses, customer dissatisfaction and damage to reputation that can result from phishing scams.
Over the past two years, the use of fraudulent e-mails and fake Web sites by criminals to harvest personal information -- now commonly known as phishing -- has grown dramatically to become a primary avenue for identity theft.
The Anti-Phishing Working Group (APWG), a cross-industry association focused on eliminating online fraud and identity theft, reported more than 2800 active phishing sites in April 2005 -- more than double the number reported in October 2004.
Frost & Sullivan security and services analyst James Turner said phishing is a manifestation of social engineering, as it seeks to bypass firewall and antivirus systems and then trick the user into exposing themselves.
To fend off attacks, Turner said Australian companies are spending millions of dollars every quarter on perimeter security.
"But phishing scams can be detected when they first start spreading and this initiative by Sophos is designed to help alert the community to these scams to help close the window of exposure. The sooner the scam is spotted, the sooner people can be warned against it," Turner said.
Sophos Australia managing director Rob Forsyth said identity theft is a major issue for the banking and financial services industry and many other online businesses.
"The rapid rise of phishing scams and other types of online fraud has led to a newfound and serious distrust of e-mail, impacting all businesses, large and small, that use the internet to interact with customers," Forsyth said.
"Sophos PhishAlert offers our service subscribers an early-warning system to detect phishing attacks and initiate action through law enforcement agencies, ISPs and others to shut down these scams rapidly."
Using information extracted in almost real-time from the company's global network of security research centres, the service provides summary details, e-mail samples and additional information to help companies respond quickly to phishing attacks.