America Online is trying to block the bait in phishing scams, announcing today that it will seek to identify bogus sites and prevent its users from gaining access to them.
AOL will work with Cyota, an anti-fraud and security company, to implement the plan, which will operate 24 hours per day. Phishing scammers create bogus sites that look like financial or retail sites in order to gather personal information that an unsuspecting user might type into them.
Often, the scammers send an e-mail that looks very much like one that of a legitimate business. The message may ask users to update their information or try in some other way to get them to give up private data.
“AOL’s move is a bold one,” SecurityCurve President Ed Moyle told the E-Commerce Times. “I’m impressed that they’ve decided to undertake this type of protection for their user community and I think that it’s a very responsible position on their part.”
When AOL decides to block a site, a member who tries to access the page will instead receive a notice explaining why the page has been blocked. Part of the difficulty with phishing is the ease with which legitimate sites can be mimicked.
“While we can introduce a healthy skepticism to users about e-mails they receive through education, the fact of the matter is that businesses do use e-mail to communicate with their customers and sometimes those e-mails contain links to their Web site,” Moyle said. “In other words, given the climate in which businesses operate, it is extremely difficult for a user to know which e-mails are real and which are scams if their particular service provider is the target of the scam.”
Others Trying, Too
The ISP is not the only company making an effort to prevent phishing attacks. Opera Software, developers of the Opera Web browser, yesterday released Opera 8.0, which includes an anti-phishing measure. The browser will show the certificate of secure sites so that users can match them with the URL they have typed in. The browser will also label the security of the site with levels from 1-3.
Moyle said that despite these moves, consumers should stay on guard.
“AOL’s decision to filter known phishing sites is a step in the right direction. Of course, the technology isn’t likely to be a complete barrier to all phishing, since it will take time to update the list of filtered sites as new scams are brought online, but I do think it is likely to greatly reduce the severity of the problem. If the technology prevents even80 percent of the phishing currently underway, that’s better than what we have today,” he said.
The ISP said it will add more tools to its anti-phishing arsenal in the coming months.