The e-mail appeared to be from a leading retail bank; clicking the link took users to the authentic home page--but a pop-up window led to a site registered in Moscow that sought their account numbers and PINs. It was a "phisher" scheme, and as such scams become increasingly common, ISP EarthLink is readying a free anti-phishing application designed to protect computer users from such cybercrime.
Next Monday, EarthLink is releasing ScamBlocker, a free application available to everyone--not only EarthLink customers--designed to keep Web surfers from accessing the sites phishers use to steal data. Editor's Note: the file is now downloadable from Earthlink and in PC World's Downloads section.
The ISP's timing is good; such attacks are rising 50 percent each month, says the Anti-Phishing Working Group, an industry organization composed primarily of security technology vendors, which has launched an education campaign. The Federal Trade Commission calls identity theft a leading cybercrime.
In the case of the faux bank message, users naive enough to provide their personal information could find their bank accounts drained, their credit ratings ruined, or their identities stolen.
Scam Another Day
In practice, ScamBlocker is appealingly simple. The program installs inside Internet Explorer 5.x as part of EarthLink's browser toolbar (which also includes a pop-up blocker and spyware detector), and it automatically downloads a list of known phisher sites. When surfers try to access a fraudulent site, ScamBlocker redirects them to an alerts page on EarthLink's servers. Users can proceed to the scam site or report it to the ISP's abuse team, which tries to get the site's host to shut it down.
But such a service is only as good as its scammer blocklist. Besides its own list of phisher sites, EarthLink pulls information from Net auction giant EBay (a popular target of phisher scams) and antispam vendor Brightmail, which unveiled an enterprise-level fraud-prevention service last December.
EarthLink is in talks with financial institutions and other common victims of phisher "brand-spoofing," but declines to name any of them, says Scott Mecredy, EarthLink senior product manager.
Also, EarthLink plans to refresh its blocklist several times daily, similar to the way antivirus applications update their viral signature databases, Mecredy says. Even so, the first users to encounter a phisher attack may still be vulnerable, says Mark Bruno, Brightmail enterprise product manager.
"As with spam or viruses, people at the front end of the curve will still be attacked," Bruno says. "But we can prevent the majority of people from getting scammed."
From Russia With Love
Shutting down the scammers will pose a bigger challenge. EarthLink recently sued spammers also suspected of phishing. But the Anti-Phishing Working Group estimates up to 70 percent of phishers operate out of Eastern Europe, making them hard to pursue, let alone prosecute.
While EarthLink's approach is "fairly promising, these guys are limited in the volume of messages they see," says Dan Maier, an Anti-Phishing Working Group spokesperson. "How well is the EBay/EarthLink toolbar going to stop Citibank scams?"
Maier says combating phishers requires a combination of technologies, including ways to distinguish authentic Web sites from their copycats, heuristic methods to identify scams as phisher techniques evolve, and a global system to share information about attacks in real time. "In the longer run, we're trying to engage Microsoft and other vendors to build [anti-phisher technology] into their products," Maier says. For the short term, however, he says phisher scams "are a pretty easy way to make money right now."