June 1, 2005 5:41 PM PDT

Group pools data to trap phishers

Related Stories

Phishers get personal

May 26, 2005

Caught in a phishing trap

November 17, 2004
SAN JOSE, Calif.--The Anti-Phishing Working Group is coordinating efforts to build a central repository for phishing data, to better protect Internet users and help catch cybercriminals.

The group has expanded its simple list of phishing scams into a database that can be used for analyses and to share information with members, said Patrick Cain, a research fellow at the group. Additionally, a standard XML, or extensible markup language, form has been created to facilitate the submission of data on attacks to the organization, he said.

"We're hoping to become a clearinghouse" for phishing data, Cain said in an interview Wednesday at Inbox, a conference on e-mail being held here.

Related feature
Have you been phished?
Check here to see whether an e-mail that appears to be from your bank or an online merchant is actually an attempt to defraud you.

The data could be used in products to protect Internet users and for analyses of attacks, which in turn could help law enforcement track down phishers, Cain said. The group's list already includes data on about 75,000 phishing e-mails, he said.

The Anti-Phishing Working Group was established last year to combat fraud and identity theft resulting from phishing and related attacks. The group's members include banks, Internet service providers, law enforcement agencies and technology vendors.

The online industry has been grappling to fight phishing, a prevalent type of online fraud that attempts to steal sensitive information such as usernames, passwords and credit card numbers. The schemes typically combine spam e-mail and fraudulent Web pages that look like legitimate sites. Related attacks include pharming and e-mail spoofing.

As phishing scams become more complex and harder to track, a single repository with information collected from different sources will help safeguard Internet users, said Joel Smith, chief technology officer at Appriver, a Gulf Breeze, Fla.-based spam-filtering company.

The new database will be accessible only to Anti-Phishing Working Group members. Also, those who submit data can opt to not disclose certain information, Cain said. In some cases, companies that fall victim to phishing attempts don't want that to get public, because it could blemish their reputation, he said.

Security companies and Internet businesses typically collect their own phishing data. There are also group efforts, including the Phish Report Network, announced in February and backed by Microsoft, eBay, PayPal and Visa.

However, the Anti-Phishing Working Group believes its broad membership means that its efforts are valuable because they're not linked to a specific security company, Cain said.

Appriver's Smith agreed. "The repository needs to be vendor neutral, and I think companies should embrace it and share their data," he said.

EarthLink is interested in using the Anti-Phishing Working Group's data for its EarthLink Toolbar, said Kate Trower, a product manager at the Internet service provider. The EarthLink Toolbar is a Web browser plug-in that promises to combat phishing by blocking Web sites known to be malicious and scanning other sites for signs of fraud schemes.

Currently, EarthLink uses data from multiple providers to compile its list of malicious sites, Trower said. "I would rather have a centralized repository, but we're not there yet, so I will take as much data as I can get," she said. EarthLink is also looking into joining the Phish Report Network, she said.

Several other products also use blacklists to protect against phishing attempts. These include the latest Netscape and Deepnet Explorer browsers, and browser plug-ins provided by eBay and Netcraft.

Microsoft, one of the key backers of the Phish Report Network, does not see the Anti-Phishing Working Group as competition. "There are multiple needs of providing real-time data," said Craig Spiezle, a director in Microsoft's technology care and safety group. "We have offered to provide data to the Anti-Phishing Working Group."


Join the conversation!
Add your comment
the need is HUGE
I have recieved dozens of different banks claiming my info isn't secure and I need to update

these are ALL phishing expeditions. One was "from" my previous bank and was authoritative enough that had I not long since tired from recieving "my bank" notices from banks I never heard of, let alone did business with, I may have responded. If it had been recieved before the tirade of obvious lies I hope I would have seen through it but I am not sure.

there are two things that you must do

first NEVER respond TO THEM

second ALWAYS report THEM

there is one thing these databanks MUST DO

make reporting as easy as possible
I currently can report (to a government database that is just monitoring the situation) using five "clicks"

1> click reply
2> highlight the TO: address (this selects it)
3> press backspace (this deletes senders eMail address)
4> click the quick address button reportSPAM TO:
(this places spam@uce.gov in TO: fo eMail)
5> press send

I have my email info set to VERBOSE so I see all the IP addresses and mailing deamons names... these are copied with the message to the bottom of my reply when the reply button is pressed

My eMail company has a report spam button but I do not trust it since I have used it repeatedly on the company UMAX which took me a month to get my money back from when they refused to send me the photocopier I had paid for
Their eMails include an unsubscribe box that claims you have been unsubscribed, but no less than three times I suposedly unsubscribed from their list but they keep sending emails
this has been going on since january and I recieved another just last week

THUS I suggest you report directly to the authorities (the prosecuters) and the databases

this XML reporting service doesn't sound like it will be very easy and may allow info in wrong place
mixing up sending date and reporting date wouldn't matter but exchanging sending IP and reporting IP or transposing digits of either definatly would
better to request the entire eMail(with all posible info) be sent to a special eMail account and have a program automatically select the info and place it in the database
Posted by qazwiz (208 comments )
Reply Link Flag
press backspace
<a class="jive-link-external" href="http://www.analogstereo.com/mitsubishi_lancer_owners_manual.htm" target="_newWindow">http://www.analogstereo.com/mitsubishi_lancer_owners_manual.htm</a>
Posted by George Cole (314 comments )
Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.