Anti-phishing 'posses' hunt criminals

Oct 05, 2005

California Gov. Arnold Schwarzenegger last Friday signed into law the first state legislation that penalizes fraudsters who steal online identities through "phishing" scams, but Internet companies and banks are not waiting for the law to stop the cyber-criminals and are actively taking covert measures to protect their customers, experts tell UPI's The Web.

"We generally find that law enforcement is so involved with other issues that phishing is low on their priority list," said Hugh Hyndman, chief operating officer of Toronto-based Brand Dimensions, an online brand consulting company, in an interview with The Web.

So private-sector companies are setting up private posses to chase down the cyber thieves. They are working with Internet service providers, Web-hosting services and even regional Internet authorities to alert them when a phishing phenomenon is discerned online -- when thousands of suspicious e-mails are sent from a site purporting to be a U.S. credit union but that originate in the Far East. They track down the very server that the fraudulent e-mail is coming from -- by its IP, or Internet Protocol address, and then work with established contacts to shut down the site and take it offline as soon as possible.

Phishing -- a form of online identity theft -- is on the rise. Organized criminals are attempting to steal personal financial data, like credit-card numbers, account usernames, passwords and Social Security numbers. They do this by setting up fake Web sites -- and sending out fraudulent e-mail to get Netsurfers to go to the Web site. A report from the Anti-Phishing Working Group indicates that, as of March of this year, there were 2,870 active phishing sites around the world. That number had grown by 28 percent during the previous nine months. About 31 percent of those sites have a URL similar to the name of their target institution -- so as to dupe clients. The average fraudulent site is online for only 5.8 days -- making fast action against the fraudsters imperative.

"We attempt to black hole the site," said Hyndman. "We've cultivated relationships with ISPs around the world. We have a great Rolodex. They know us personally. We have the home numbers in China of many leading Internet people. They don't want to be a country that houses criminals. They put a lot of effort into it."

Larger banks and financial institutions -- Fortune 500 firms -- have had IT staff dedicated to this kind of thing in the past. But now, smaller financial institutions, credit unions, regional and local banks can use the consulting services to stop the criminals before they cause too much damage.

The counter-phishing system documents the process by which the phishers attack. Then it identifies and verifies where the attacks are coming from, and then takes down the servers. Information on the phishers is retained -- so as to spot their patterns in the future.

What's more, the counter-phishing sites are conducting what amounts to counter-intelligence against the phishers.

"We're monitoring what the criminals do with the information they obtain -- so we're setting up fake account names," said Kevin Prince, president of Red Cliff Solutions Inc., a Salt Lake City, Utah-based Internet security company, in an interview with The Web. "We then work with the banks to monitor these red-flagged credit cards and other accounts. Then we work with law enforcement to arrest the person."

The cost of buying a stolen identity is about $10 on the black market today. The price used to be $50. The false bank accounts provided by the anti-phishing experts "spoil the databases" of the criminals and make reselling the stolen names impossible, ruining the credibility of the criminals amongst their colleagues, said Prince.

Copyright 2005 by United Press International

Explore further: Ex-Apple chief plans mobile phone for India

add to favorites email to friend print save as pdf

Related Stories

Surge in mobile network infections in 2013, says report

Jan 29, 2014

Alcatel-Lucent today released new data showing that security threats to mobile devices continues its rapid rise, infecting at any time more than 11.6 million devices and putting their owners at increased risk for stolen personal ...

Facebook fights 'phishing' scam

May 01, 2009

Facebook Thursday said it has blocked a link at the heart of a "phishing" scam being used to dupe members into revealing passwords to accounts at the social networking website.

Recommended for you

Ex-Apple chief plans mobile phone for India

8 hours ago

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

Health care site flagged in Heartbleed review

21 hours ago

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

Airbnb rental site raises $450 mn

21 hours ago

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Four questions about missing Malaysian plane answered

21 hours ago

Travelers at Asian airports have asked questions about the March 8 disappearance of Malaysia Airlines Flight 370 while en route from Kuala Lumpur to Beijing. Here are some of them, followed by answers.

Android gains in US, basic phones almost extinct

Apr 18, 2014

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

User comments : 0

More news stories

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

Airbnb rental site raises $450 mn

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

A homemade solar lamp for developing countries

(Phys.org) —The solar lamp developed by the start-up LEDsafari is a more effective, safer, and less expensive form of illumination than the traditional oil lamp currently used by more than one billion people ...

NASA's space station Robonaut finally getting legs

Robonaut, the first out-of-this-world humanoid, is finally getting its space legs. For three years, Robonaut has had to manage from the waist up. This new pair of legs means the experimental robot—now stuck ...

Filipino tests negative for Middle East virus

A Filipino nurse who tested positive for the Middle East virus has been found free of infection in a subsequent examination after he returned home, Philippine health officials said Saturday.

Egypt archaeologists find ancient writer's tomb

Egypt's minister of antiquities says a team of Spanish archaeologists has discovered two tombs in the southern part of the country, one of them belonging to a writer and containing a trove of artifacts including reed pens ...