Companies combat phishing scams

London-based Barclays Bank PLC said it has signed up for an antifraud service from New York-based Cyota Inc., as part of an effort to weather the phishing frauds that seem to be hammering the Web these days.

Cyota’s FraudAction service, which Barclays piloted for three months earlier this year, is designed to help the bank more quickly detect and shut down phishing scams involving the use of its brand. FraudAction uses a network of probes seeded around the Web to scan more than 400 million e-mails a day looking for signs of phishing attacks, said Amir Orad, a Cyota vice-president.

In some instances, the service has helped Barclays detect and shut down scamming attacks in less than one hour, said Stuart MacKenzie, senior portfolio manager at Barclays.

“We wanted to ensure that we protected the integrity of the channel and kept customer confidence at a level where Barclays customers continued using (online channels),” MacKenzie said.

Barclays’ move is similar to one announced recently by eBay Inc., which is another favourite target of phishers. EBay is using so-called Web Caller-ID technology from Austin, Tex.-based WholeSecurity Inc. that’s designed to allow eBay users to verify the authenticity of a Web site.

Other companies are taking action against phishing attacks as well. Last month the New York-based Financial Services Technology Consortium (FSTC) said a counterphishing initiative announced on Sept. 20 had so far attracted 11 financial services companies and 17 technology vendors. The initiative is focused on developing technology and operational safeguards for countering phishing. Participants include CitiGroup Inc., J.P. Morgan Chase & Co. and Visa U.S.A. Inc.

The efforts come at a time when there has been a significant increase in the number of phishing attacks, which involve the use of fake e-mails and Web sites to extract confidential information from users. The Anti-Phishing Working Group, an industry association, reported 1,974 unique phishing attacks in July and said that average monthly growth rates had been exceeding 50 per cent to that point.

Companies are being forced to respond because of costs, said Gene Neyer, a managing executive of the FSTC effort. “There is a cost to the banks in terms of loss of consumer confidence; there’s a cost to banks in terms of their ability to conduct their own business (over the Internet),” Neyer said. Other costs come from the sharp increase in customer support calls following a phishing attack and the expense related to replacing compromised cards or passwords and other confidential data, he said.

Dealing with the problem involves battles on multiple fronts, MacKenzie said, and technology approaches such as Cyota’s address only part of the problem. Because phishing attacks cross international borders, broad cooperation among law enforcement authorities and Internet service providers in different countries is required to effectively deal with the issue, he said.

Greater effort also needs to be made in educating people about the issue, he added. “You can have great mousetraps for catching such attacks, but it’s very difficult to shut them down,” given the cross-border nature of the problem, said Avivah Litan, an analyst at Gartner Inc. Even so, deploying defensive measures is the best that companies can do, she said. “It’s better than not doing anything,” Orad said.

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now