- Related Stories
-
Phishers get personal
May 26, 2005 -
Caught in a phishing trap
November 17, 2004
The group has expanded its simple list of phishing scams into a database that can be used for analyses and to share information with members, said Patrick Cain, a research fellow at the group. Additionally, a standard XML, or extensible markup language, form has been created to facilitate the submission of data on attacks to the organization, he said.
"We're hoping to become a clearinghouse" for phishing data, Cain said in an interview Wednesday at Inbox, a conference on e-mail being held here.
Have you been phished?
The data could be used in products to protect Internet users and for analyses of attacks, which in turn could help law enforcement track down phishers, Cain said. The group's list already includes data on about 75,000 phishing e-mails, he said.
The Anti-Phishing Working Group was established last year to combat fraud and identity theft resulting from phishing and related attacks. The group's members include banks, Internet service providers, law enforcement agencies and technology vendors.
The online industry has been grappling to fight phishing, a prevalent type of online fraud that attempts to steal sensitive information such as usernames, passwords and credit card numbers. The schemes typically combine spam e-mail and fraudulent Web pages that look like legitimate sites. Related attacks include pharming and e-mail spoofing.
As phishing scams become more complex and harder to track, a single repository with information collected from different sources will help safeguard Internet users, said Joel Smith, chief technology officer at Appriver, a Gulf Breeze, Fla.-based spam-filtering company.
The new database will be accessible only to Anti-Phishing Working Group members. Also, those who submit data can opt to not disclose certain information, Cain said. In some cases, companies that fall victim to phishing attempts don't want that to get public, because it could blemish their reputation, he said.
Security companies and Internet businesses typically collect their own phishing data. There are also group efforts, including the Phish Report Network, announced in February and backed by Microsoft, eBay, PayPal and Visa.
However, the Anti-Phishing Working Group believes its broad membership means that its efforts are valuable because they're not linked to a specific security company, Cain said.
Appriver's Smith agreed. "The repository needs to be vendor neutral, and I think companies should embrace it and share their data," he said.
EarthLink is interested in using the Anti-Phishing Working Group's data for its EarthLink Toolbar, said Kate Trower, a product manager at the Internet service provider. The EarthLink Toolbar is a Web browser plug-in that promises to combat phishing by blocking Web sites known to be malicious and scanning other sites for signs of fraud schemes.
Currently, EarthLink uses data from multiple providers to compile its list of malicious sites, Trower said. "I would rather have a centralized repository, but we're not there yet, so I will take as much data as I can get," she said. EarthLink is also looking into joining the Phish Report Network, she said.
Several other products also use blacklists to protect against phishing attempts. These include the latest Netscape and Deepnet Explorer browsers, and browser plug-ins provided by eBay and Netcraft.
Microsoft, one of the key backers of the Phish Report Network, does not see the Anti-Phishing Working Group as competition. "There are multiple needs of providing real-time data," said Craig Spiezle, a director in Microsoft's technology care and safety group. "We have offered to provide data to the Anti-Phishing Working Group."
See more CNET content tagged:
phishing, AppRiver, EarthLink Inc., repository, security company
these are ALL phishing expeditions. One was "from" my previous bank and was authoritative enough that had I not long since tired from recieving "my bank" notices from banks I never heard of, let alone did business with, I may have responded. If it had been recieved before the tirade of obvious lies I hope I would have seen through it but I am not sure.
there are two things that you must do
first NEVER respond TO THEM
second ALWAYS report THEM
there is one thing these databanks MUST DO
make reporting as easy as possible
I currently can report (to a government database that is just monitoring the situation) using five "clicks"
1> click reply
2> highlight the TO: address (this selects it)
3> press backspace (this deletes senders eMail address)
4> click the quick address button reportSPAM TO:
(this places spam@uce.gov in TO: fo eMail)
5> press send
I have my email info set to VERBOSE so I see all the IP addresses and mailing deamons names... these are copied with the message to the bottom of my reply when the reply button is pressed
My eMail company has a report spam button but I do not trust it since I have used it repeatedly on the company UMAX which took me a month to get my money back from when they refused to send me the photocopier I had paid for
Their eMails include an unsubscribe box that claims you have been unsubscribed, but no less than three times I suposedly unsubscribed from their list but they keep sending emails
this has been going on since january and I recieved another just last week
THUS I suggest you report directly to the authorities (the prosecuters) and the databases
this XML reporting service doesn't sound like it will be very easy and may allow info in wrong place
mixing up sending date and reporting date wouldn't matter but exchanging sending IP and reporting IP or transposing digits of either definatly would
better to request the entire eMail(with all posible info) be sent to a special eMail account and have a program automatically select the info and place it in the database