WholeSecurity Inc. has struck a deal to help protect eBay Inc.’s customers from phishing scams.
The online auction giant is licensing WholeSecurity’s Web Caller-ID software, which detects spoofed sites. EBay will include Web Caller-ID in the Account Guard feature of the eBay Toolbar that stays resident in users’ browsers, alerting them whenever they visit a site purporting to be eBay or its online payment subsidiary PayPal.
Employing technology to identify phishing threats is just one way the industry should attack the problem, says Howard Schmidt, eBay’s chief information security officer and former White House cybersecurity adviser. “Like with any other threats, we’re looking at what are the technical things we can throw at it or change to make (e-commerce) more secure,” he says.
Web Caller-ID analyzes each Web page that an eBay Toolbar user visits implementing its “behavioural detection” method, searching for signs of spoofing, such as a long and convoluted URL or a recently registered DNS, says Scott Olson, senior vice-president of marketing with WholeSecurity. When it detects a spoofed site, the software blocks the user from the site, produces a pop-up window explaining that the site is fraudulent and reports the site to eBay.
Unlike other antiphishing offerings, such as Brightmail’s antifraud service that scans incoming e-mail for links to known spoofed sites, Web Caller-ID works within the browser to identify fraudulent sites. “The browser is where the harm is done,” Olson says. Users don’t even have to enter information into a spoofed site to be harmed, he adds, because many sites automatically download malicious code to an unsuspecting visitor’s PC and launch a virus or record the user’s keystrokes.
WholeSecurity is making Web Caller-ID available exclusively through licensing agreements.