Anti-phishing 'posses' hunt criminals

October 5, 2005

California Gov. Arnold Schwarzenegger last Friday signed into law the first state legislation that penalizes fraudsters who steal online identities through "phishing" scams, but Internet companies and banks are not waiting for the law to stop the cyber-criminals and are actively taking covert measures to protect their customers, experts tell UPI's The Web.

"We generally find that law enforcement is so involved with other issues that phishing is low on their priority list," said Hugh Hyndman, chief operating officer of Toronto-based Brand Dimensions, an online brand consulting company, in an interview with The Web.

So private-sector companies are setting up private posses to chase down the cyber thieves. They are working with Internet service providers, Web-hosting services and even regional Internet authorities to alert them when a phishing phenomenon is discerned online -- when thousands of suspicious e-mails are sent from a site purporting to be a U.S. credit union but that originate in the Far East. They track down the very server that the fraudulent e-mail is coming from -- by its IP, or Internet Protocol address, and then work with established contacts to shut down the site and take it offline as soon as possible.

Phishing -- a form of online identity theft -- is on the rise. Organized criminals are attempting to steal personal financial data, like credit-card numbers, account usernames, passwords and Social Security numbers. They do this by setting up fake Web sites -- and sending out fraudulent e-mail to get Netsurfers to go to the Web site. A report from the Anti-Phishing Working Group indicates that, as of March of this year, there were 2,870 active phishing sites around the world. That number had grown by 28 percent during the previous nine months. About 31 percent of those sites have a URL similar to the name of their target institution -- so as to dupe clients. The average fraudulent site is online for only 5.8 days -- making fast action against the fraudsters imperative.

"We attempt to black hole the site," said Hyndman. "We've cultivated relationships with ISPs around the world. We have a great Rolodex. They know us personally. We have the home numbers in China of many leading Internet people. They don't want to be a country that houses criminals. They put a lot of effort into it."

Larger banks and financial institutions -- Fortune 500 firms -- have had IT staff dedicated to this kind of thing in the past. But now, smaller financial institutions, credit unions, regional and local banks can use the consulting services to stop the criminals before they cause too much damage.

The counter-phishing system documents the process by which the phishers attack. Then it identifies and verifies where the attacks are coming from, and then takes down the servers. Information on the phishers is retained -- so as to spot their patterns in the future.

What's more, the counter-phishing sites are conducting what amounts to counter-intelligence against the phishers.

"We're monitoring what the criminals do with the information they obtain -- so we're setting up fake account names," said Kevin Prince, president of Red Cliff Solutions Inc., a Salt Lake City, Utah-based Internet security company, in an interview with The Web. "We then work with the banks to monitor these red-flagged credit cards and other accounts. Then we work with law enforcement to arrest the person."

The cost of buying a stolen identity is about $10 on the black market today. The price used to be $50. The false bank accounts provided by the anti-phishing experts "spoil the databases" of the criminals and make reselling the stolen names impossible, ruining the credibility of the criminals amongst their colleagues, said Prince.

Copyright 2005 by United Press International

Explore further: Uncovering data theft quickly

Related Stories

Uncovering data theft quickly

August 1, 2017

Computer experts have always struggled to find solutions for protecting businesses and authorities from network breaches. This is because there are too many vague indicators of potential attacks. With PA-SIEM, IT managers ...

Facebook fights 'phishing' scam

May 1, 2009

Facebook Thursday said it has blocked a link at the heart of a "phishing" scam being used to dupe members into revealing passwords to accounts at the social networking website.

Kaspersky Lab spots mobile malware interest on bank accounts

February 27, 2014

Looking at data for 2013, Kaspersky Lab analysts said it is clear that the mobile malware sector has grown up to be a breed of sophisticated pickpockets with slick techniques and with special sights on robbing money from ...

Recommended for you

Tiny protein coiled coils that self-assemble into cages

October 17, 2017

(Phys.org)—A large team of researchers with members from Slovenia, the U.K, Serbia, France and Spain has developed a technique that causes proteins to self-assemble into geometric shapes on demand. In their paper published ...

Webcam on Mars Express surveys high-altitude clouds

October 17, 2017

An unprecedented catalogue of more than 21 000 images taken by a webcam on ESA's Mars Express is proving its worth as a science instrument, providing a global survey of unusual high-altitude cloud features on the Red Planet.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.