A collaborative initiative involving several major industry players and law enforcement agencies has been launched in an effort to deal with the growing problem of online phishing scams.
The antiphishing group, called Digital PhishNet, includes companies such as America Online, EarthLink, Microsoft, and VeriSign, as well as government agencies such as the U.S. Federal Bureau of Investigation, the U.S. Secret Service, and the U.S. Postal Inspection Service.
The group hopes to improve the flow of information between industry and law enforcement agencies about phishing attacks, says Dan Larkin, unit chief at the FBI's Internet Fraud Complaint Center.
Because phishers are able to create and dismantle phony sites rapidly, "the key to stopping them is to identify and target them quickly," Larkin says. "Our industry partners have a unique perspective regarding these schemes, and how they look early on, that we in law enforcement don't always have."
Team Effort Praised
Having technology players working closely with law enforcement agencies is a good approach to dealing with phishers, says Avivah Litan, an analyst at Stamford, Connecticut-based research firm Gartner. "Law enforcement is not really equipped to deal with these cybercriminals," she says. "They don't have the technical skills or the staff."
As a result, technology companies will have to "spoon-feed them" a lot of the data and evidence needed to go after phishers, she adds.
Phishing scams are designed to lure people into parting with personal information such as credit card and driver's license numbers, and typically involve "spoofed" e-mail messages that appear to come from reputable companies.
Industry groups such as the Anti-Phishing Working Group have reported sharp increases in phishing scams over the past year. Between July and October alone, the number of phishing sites grew by an average of 25 percent a month, with 1142 active phishing sites reported in October. According to Gartner, for the 12-month period that ended last April, phishing attacks cost victims $1.2 billion--with U.S. companies bearing most of the costs.
Sharing Info Is Key
The newly formed coalition should help industry and law enforcement formulate a better response to the growing menace, says Judy Lin, an executive vice president at Mountain View, California-based VeriSign. "The goal is to create a safe place for participants to share information, including the nature of scams, the contacts that are necessary to shut down the scams, as well as techniques and best practices for combating these types of activities," she says.
Apart from sharing information with law enforcement, the group will also be investigating ways of legally "leveraging technology to bring down sites" that are being used to launch phishing attacks, Lin says.
"The reason this alliance was formed is not just to raise awareness of the problem but to take a proactive stance in tracking [scammers] and shutting them down," says Dave Alampi, vice president of marketing at Digital River, an Eden Prairie, Minnesota-based company that builds and manages e-commerce sites.
Because of the cross-border nature of the problem, the FBI is working on garnering support from law enforcement agencies in other parts of the world, Larkin says. "The message here is that industry is taking the problem very seriously and is committed to working with law enforcement" to stop phishing, he says.
This story, "Collaborative Launched to Combat Phishing" was originally published by Computerworld.