IT, vendors scramble to combat phishing

The rapid growth of so-called phishing scams has left IT managers, industry groups and technology vendors scrambling to deal with the e-mail fraud problem.

A large part of the effort is focused on consumer awareness programs, cross-border law enforcement activities and improvements in information sharing between companies and authorities. But new tools and services that could help companies better detect and respond to such scams are also beginning to emerge.

For example, Cyota Inc., a New York company that offers secure payment services to banks, is beta-testing an antiphishing service that uses a network of probes seeded around the Internet to detect scams, said CEO Naftali Bennet. The technology could also help users apply countermeasures, Bennet added. He said he expects the beta testing to continue for several months.

Bath, England-based Netcraft Ltd. on Jan. 5 launched a service aimed at detecting and tracking Web sites involved in phishing scams. Envisional Ltd., a Cambridge, England-based provider of antipiracy and online brand protection services, added antiphishing capabilities to its offerings in December. Brightmail Inc. in San Francisco and Cyveillance Inc. in Arlington, Va., have also announced services designed to stop phishing scams.

The goal of phishing is to fool people into parting with personal information such as their credit card, driver’s licence and bank account numbers. The schemes typically involve e-mails with messages, return addresses, links and branding that appear to come from reputable companies.

This week, for instance, Citibank Inc. and London-based Barclays Bank PLC warned customers to ignore messages urging them to go to spoofed Web sites where they would be asked to provide sensitive data. Phishers have also gone after customers of eBay Inc., PayPal Inc. and other e-commerce companies.

Robert Garigue, the Toronto-based chief information security officer at Bank of Montreal, said when the bank’s customers were targeted by a recent phishing scam, it worked with the Royal Canadian Mounted Police and the FBI to quickly shut down a bogus Web site hosted by a service provider in the U.S. He said cooperation and information sharing are crucial to stemming the phishing problem.

Garigue thinks phishing is on the rise because increased security measures are making it harder for attackers to directly breach enterprise networks. “The consumer has become the weakest link in the trust chain,” he said.

Dave Jevans, chairman of the recently formed Anti-Phishing Working Group, said the number of unique phishing scams has grown to about five per day. That compares with an average of 1.5 attacks daily before the holiday season, said Jevans, whose organization has more than 60 members, including financial services companies and IT vendors.

Companies whose names are used in scams can incur “substantial operational costs” if they have to change passwords and PINs for thousands of customers, said Gartner Inc. analyst John Pescatore.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now