Anti-Phishing Software Protects Consumers from Fraud

A new company in the anti-phishing space is offering a free program that acts much like a firewall for Web sites to protect computer users from online fraud attacks.

FraudEliminator, a security software startup, is offering the first product to provide comprehensive protection to home Internet users from online fraud schemes and phishing attacks.

Phishing is a tactic criminals use to trick computer users to visit a fraudulent Web site or respond to phony e-mail messages and disclose person identification and financial account passwords.

No Spyware

Unlike some other freeware products that are delivery vehicles for camouflaged adware and tracking code, FraudEliminator is completely safe, the company says. The company and its product go by the same name.

“It doesn’t contain adware or spyware bundled with it,” CEO Jeffrey Hellman told TechNewsWorld. “We are opposed to any sort of user tracking. Our product has a strict privacy policy.”

The company hopes to make money by protecting users against online identity theft. The profit is expected to come from a paid product down the line.

“Right now we are not making money,” Hellman said. “We want to improve our block list [this is a list of phishing Web sites] and eventually offer a product for purchase by offering more features.”

The California-based company was formed in mid-2004. It released FraudEliminator in November. So far, the product has several thousand users.

“We’re picking up new users slowly. Hopefully, the Tell-A-Friend feature will bring us more customers,” Hellman said.

Program Features

In the meantime, the free version packs a lot of power. It installs a toolbar that protects users by automatically identifying and blocking online fraud.

FraudEliminator also gives users an opportunity to fight back against online fraud by letting them report fraud incidents to the company’s central database.

Additionally, the product includes other popular toolbar functions, such as integrated search capabilities and user-configurable pop-up protection.

FraudEliminator offers users one feature not available in any other product, toolbar or otherwise: It identifies the country of origin of every Web site.

“We use a block list that catches just about everything,” Hellman said.

The program compares Web sites against the company’s known list of URLs that might be phishing hideouts or hacked sites. It automatically contacts the database every hour for block list updates.

How It Works

The program’s code is written for ease of use and functionality.

“Until now, users who were concerned about phishing have only been offered difficult-to-understand advice like ‘stop clicking on links in e-mail’ or ‘inspect the address bar of every Web page you visit,'” Hellman said. “We developed FraudEliminator because we believe average Internet users need a simple-to-use, free-of-charge tool that finds and blocks fraud on their behalf.”

FraudEliminator maintains a real-time threat database that tracks identifying information about every known online fraud threat. To keep the database up to date, FraudEliminator has built a network of fraud incident collection points.

The program tracks results and reports signs of possible fraud to FraudEliminator’s server. But it does so anonymously so user identification is not recorded.

If users want to initiate a more detailed fraud incident report, they can send it from within the program. That report, however, identifies the user.

Maintains Fraud Database

Every fraud incident is reviewed by the company’s fraud analysts to ensure the integrity of the database. Adding yet another layer of protection, FraudEliminator has also developed a proprietary set of statistical algorithms designed to recognize signs of fraud.

For example, the program would automatically block a fraudulent Web site claiming to be the user’s bank. It also would recognize a financial contact that is actually based in Moldova or another unusual location and would block the Internet connection.

The program also recognizes other telltale signs of phishing sites and blocks them as potentially fraudulent.

The program jumps into action as soon as a user clicks on an offending Web site. That site is then added to the FraudEliminator database, so other users are protected from viewing it as well.

This is done in conjunction with FraudEliminator staff going out and identifying dangerous sites.

Foolproof Operation

The problem with other attempts to block phishing, Hellman said, is the alerts are too small and disappear too quickly.

Users either don’t respond quickly enough or mistakenly click an approval button that overrides the security warning.

“We give users the ability to interrupt a page as it is loading and block it until the user says to display the page,” Hellman said.

Thus, FraudEliminator blocks a page so the user can evaluate the warning. The page will not load. Instead, the screen displays a large red and black warning. A big training tag tells what is wrong with the site.

In cases of sites that are merely suspected of fraudulent activity, the user can cancel the warning and continue with the surfing activity. However, for known fraudulent Web sites, the program blocks access and does not give users any opportunity to bypass the blocked page.

Free Download

The free download of FraudEliminator can be accessed at http://www.fraudeliminator.com.

Company officials said they have designed a security program so safe and easy to use that you can install it on your grandmother’s machine.