Security professionals and law enforcement are getting some much-needed help combating phishing scams with a tool that helps track down the criminals.
"It's an online radar that can detect phishing scams," said John Quarterman, president of InternetPerils Inc. in Austin, Texas.
Phishing, an online fraud aimed at gullible users, hurts enterprises' reputations and bottom lines by damaging consumer confidence in conducting business over the Internet. It can weaken a company's credibility and diminish the value of its brand. Another big issue for enterprises: e-mails that make their way into corporate networks and ultimately glean passwords and account information, employees' personal information and confidential corporate data.
Thanks to a research and technology partnership among InternetPerils, which provides quantification and visualization products to determine Internet risk, the Anti-Phishing Working Group, Corillian Corp. and Websense Inc., individual computers and networks used for phishing scams and other types of online fraud can now be tracked to their source. Called PhishScope, the device collects and analyzes data for each phase of a scam and tracks connections by IP address. It produces a continually updated image to show where problems occur.
"It summarizes in a visual manner what happens during a phishing attack so stakeholders can identify what they need to do to prevent them," said Peter Cassidy, secretary general for the Anti-Phishing Working Group.
He added, "The idea is that, for example, a banker who is under attack can speak to a security person and law enforcement and they can look at the same data and all be on the same page -- they can grasp the situation immediately."
Quarterman said that up till now, law enforcement had a difficult time prosecuting phishers because individual crimes were small and couldn't justify the resources necessary to fully investigate. He believes that now many will get involved because the data offered by PhishScope shows the scope of a particular scam and can help track the attacker.
In a report last year, Gartner estimated that online phishing attacks cost banks and credit card issuers more than $1.2 billion in 2003 alone.