EBay, Microsoft, Visa Join in New Anti-Phishing Effort

EBay, Microsoft, PayPal and Visa are hooking up to catch some phishing fraudsters.

The high-tech heavyweights yesterday became the first participants in a new anti-phishing aggregation service dubbed the Phish Report Network and organized by WholeSecurity, an Austin, Texas-based company that screens Web sites for suspicious behavior.

Phishing is an act of fraud that involves an attempt by scam artists to steal the identities of Internet users by sending out e-mails or links to Web pages mimicking popular Web sites. These phishing e-mails and Web sites commonly ask Internet users to provide sensitive personally identifiable information, such as passwords, credit card numbers or bank account information.

Fraud Report

The Phish Report Network allows any company being victimized by phishing attacks to immediately and securely report fraudulent Web sites to a central database operated by WholeSecurity. Other companies subscribing to the Phish Report Network can then access the database or receive real-time notifications of known phishing sites, enabling them to more effectively protect consumers by blocking these sites in their user-facing security applications.

Jupiter Research retail analyst Patti Freeman Evans told the E-Commerce Times that the Phish Report Network is a significant development in the fight against phishing.

“Phishing has been a challenging issue for a lot of consumers,” Evans said. “Whatever the large brands, especially the ones that are targeted by phishers, can do to try to thwart these scams will make consumers more trusting of their sites overall. Phishing is an important issue for online retailers to try to police.”

The Anti-Phishing Working Group, a pan-industrial and law enforcement association focused on eliminating fraud resulting from phishing and e-mail spoofing, recently reported an 8,000 percent increase in phishing scams last year.

Additionally, the organization warned that phishing attack methods are becoming more sophisticated, such as incorporating malicious code into fraudulent Web sites, which could further victimize consumers. Industry experts agree that the escalating phishing problem, if left unabated, could result in significant financial losses.

“Phishing is the fastest-growing segment of spam being sent worldwide today, victimizing both legitimate online companies whose brands are being hijacked and consumers who are unwittingly providing their personal information to criminals,” Ryan Hamlin, general manager of the Safety Technology and Strategy Group at Microsoft, said.

To Catch a Phish

Hamlin said the data that the Phish Report Network will provide can help Microsoft immediately better defend its millions of users worldwide against these attacks.

Using the Phish Report Network’s secure service, participating companies list confirmed phishing sites. Recipients such as Microsoft, other Internet service providers, or user-facing security vendors obtain the aggregated lists and can incorporate them into various software, e-mail and browser services to help protect consumers against online fraud.

Any company impacted by phishing sites or with the ability to protect end users can participate in the Phish Report Network, based on meeting qualification criteria and adherence to program standards. The aggregation service will become increasingly valuable as additional companies join the Phish Report Network.

“EBay and PayPal’s participation in the Phish Report Network is one of many steps we have taken to improve security of the e-commerce experience,” said Howard Schmidt, eBay and PayPal’s chief security strategist and former White House cyber-security advisor. “As we co-develop technologies, educate online users and work with law enforcement, we can help significantly reduce the effect of cyber criminals.”

Brad Nightengale, department head of Emerging Products at Visa, said the company is joining the group to play a key role in stopping phishing before it happens in order to maintain global consumer confidence in the e-commerce channel. “As a leader in the payments industry, Visa is focused not just on shutting down phishing sites, but preventing phishing e-mails from ever reaching consumers worldwide,” Nightengale said.

Potential Impacts

Peter Selda, chief executive officer of WholeSecurity, is confident that the Phish Report Network will bear fruit as the industry consolidates to fight phishing. “The partnership we have formed with the founding members of the Phish Report Network is an important, groundbreaking step in reestablishing consumers’ confidence in online channels,” he said.

Jupiter’s Evans said online consumers shouldn’t hold their breath for overnight results, but anything e-tailers can do to thwart the rapid growth of phishing is a postive step for everyone on the World Wide Web.

“It’s important for these brands, from a business perspective, to protect their brands,” Evans said. “If their brands become undermined from a trustworthiness standpoint by phishing and other forms of online fraud, then that’s going to hurt them in the long run. It really behooves them to get in front of it as fast as possible.”