ISPs, Banks Team to Fight Phishing
Dubbed Digital PhishNet, the effort unites major ISPs Microsoft, AOL and EarthLink with nine of the top U.S. banks to aid federal law enforcement agencies by forwarding information on phishing attacks. Agencies participating include the Federal Bureau of Investigation, Secret Service, U.S. Postal Inspection Service and Federal Trade Commission.
Digital PhishNet will create a clearinghouse to collect information that each member's investigators gather on phishing attacks targeting their customers. It is hoped the extensive data will yield patterns that help investigators track down those behind the phishing attacks.
"It became apparent that we had to start looking at it not from Microsoft's perspective or EarthLink's or Citibank's, but more from an industry perspective," said Stirling McBride, Microsoft's chief investigator for phishing.
Other participants in Digital PhishNet include Digital River, Lycos, Network Solutions and Verisign.
Phishing has emerged as the top threat to Internet commerce, surpassing even spam. The attacks take advantage of the open Internet architecture that lets phishers send e-mails appearing to be from a trusted source, such as a bank. The messages often ask a consumer for confidential personal information, like a credit card number, in order to verify an account. The information entered is stolen.
TRUSTe estimates phishing scams have cost consumers $500 million. The Anti-Phishing Working Group, an industry group formed to track the problem, reports more than 1,100 phishing sites were in operation in October, growing at a 25 percent monthly rate since July.
E-mail authentication technologies -- such as Microsoft's Sender ID, SPF and Yahoo's DomainKeys -- are meant to fix a flaw in the e-mail architecture that gives senders anonymity. It is hoped that these technologies will put a big dent in phishing.
"I hope it's not going to be around much longer, or be as prevalent as it is now," McBride said.