The rapid growth of so-called phishing scams has left IT managers, industry groups and technology vendors scrambling to deal with the e-mail fraud problem.
A large part of the effort is focused on consumer awareness programs, cross-border law enforcement activities and improvements in information sharing between companies and authorities. But new tools and services that could help companies better detect and respond to such scams are also beginning to emerge.
For example, Cyota Inc., a New York company that offers secure payment services to banks, is beta-testing an antiphishing service that uses a network of probes seeded around the Internet to detect scams, said CEO Naftali Bennet. The technology could also help users apply countermeasures, Bennet added. He said he expects the beta-testing to continue for several months.
Bath, England-based Netcraft Ltd. on Jan. 5 launched a service aimed at detecting and tracking Web sites involved in phishing scams. Envisional Ltd., a Cambridge, England-based provider of antipiracy and online brand protection services, added antiphishing capabilities to its offerings in December. Brightmail Inc. in San Francisco and Cyveillance Inc. in Arlington, Va., have also announced services designed to stop phishing scams.
The goal of phishing is to fool people into parting with personal information such as their credit card, driver's license and bank account numbers. The schemes typically involve e-mails with messages, return addresses, links and branding that appear to come from reputable companies.
Last week, for instance, Citibank Inc. and London-based Barclays Bank PLC warned customers to ignore messages urging them to go to spoofed Web sites where they would be asked to provide sensitive data. Phishers have also gone after customers of eBay Inc., PayPal Inc. and other e-commerce companies.
Robert Garigue, the Toronto-based chief information security officer at Bank of Montreal, said that when the bank's customers were targeted by a recent phishing scam, it worked with the Royal Canadian Mounted Police and the FBI to quickly shut down a bogus Web site hosted by a service provider in the U.S. He said cooperation and information sharing are crucial to stemming the phishing problem.
Garigue thinks phishing is on the rise because increased security measures are making it harder for attackers to directly breach enterprise networks. "The consumer has become the weakest link in the trust chain," he said.
Dave Jevans, chairman of the recently formed Anti-Phishing Working Group, said the number of unique phishing scams has grown to about five per day. That compares with an average of 1.5 attacks daily before the holiday season, said Jevans, whose organization has more than 60 members, including financial services companies and IT vendors.
Companies whose names are used in scams can incur "substantial operational costs" if they have to change passwords and PINs for thousands of customers, said Gartner Inc. analyst John Pescatore.