Phishing for phishers

A new tool may help pinpoint the origin of phishing attacks.

Security professionals and law enforcement are getting some much needed help combating phishing scams with a tool that helps track down the criminals.

"It's an online radar that can detect phishing scams," said John Quarterman, president of InternetPerils Inc. in Austin, Texas.

Phishing, an online fraud aimed at gullible users, hurts enterprises' reputations

More on phishing

Three ways phishers are hooking you
Researchers say the bad guys are getting a lot better at catching users on the phishing hook. Three methods are of particular concern.

Customer vs. Bank of America: Who's to blame?
Who will win a landmark case on customer data protection?

Lawsuit could amplify data protection laws
A lawsuit brought by a Bank of America customer could set precedent for who is responsible for securing a consumer's data -- on the consumer's own computer.

and bottom lines by damaging consumer confidence in conducting business over the Internet. It can weaken a company's credibility and diminish the value of its brand. Another big issue for enterprises: e-mails making their way into corporate networks that ultimately glean passwords and account information, employees' personal information and confidential corporate data.

Thanks to a research and technology partnership between InternetPerils, which provides quantification and visualization products to determine Internet risk, the Anti-Phishing Working Group, Corillian Corp. and Websense Inc., individual computers and networks used for phishing scams and other types of online fraud can now be tracked to their source. Called PhishScope, the device collects and analyzes data for each phase of a scam and tracks connections by IP address. It produces a continually updated image to show where problems occur.

"It summarizes in a visual manner what happens during a phishing attack so stakeholders can identify what they need to do to prevent them," said Peter Cassidy, secretary general for the Anti-Phishing Working Group.

He added, "The idea is that, for example, a banker who is under attack can speak to a security person and law enforcement and they can look at the same data and all be on the same page -- they can grasp the situation immediately."

Quarterman said that up till now, law enforcement had a difficult time prosecuting phishers because individual crimes were small and couldn't justify the resources necessary to fully investigate. He believes that now many will get involved because the data offered by PhishScope shows the scope of a particular scam and can help track the attacker.

In a report last year, Gartner estimated that online phishing attacks cost banks and credit card issuers more than $1.2 billion in 2003 alone.

Dig deeper on Hacker Tools and Techniques: Underground Sites and Hacking Groups

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close