Fighting Phishers Through Education
eBays Durzy said the company continues to dedicate the majority of its focus, not to pursuing phishers, but to educating customers about the problem. The firm is also encouraging users to download its Web browser tool bar, which warns users when they visit sites that appear to be eBay spoofs.Durzy said eBay also continues to work with law enforcement officials to report and provide information on phishers and other online criminals, to help go after schemers outside the boundaries of the Web. Some experts contend that the phishing problem will continue to haunt the Web, and high-profile e-commerce players such as eBay, as long as criminals can figure out new ways to dupe consumers and avoid prosecution, or as long as the schemes keep paying off. Todd Bransford, vice president of marketing for online-security management services provider Cyveillance Inc. of Arlington, Va., said attacks on eBay and large financials institutions still account for a majority of the phishing threats his company tracks, but the firm also sees phishing moving out in new directions. He said eBay has done a good job of informing and protecting its customers, but he believes that phishers will continue to aim attacks at the auction site and its PayPal division as long as those efforts keep making money. Read details here about why some phishers are concentrating on the area of e-banking. "Its interesting, we still see a disproportionate number of attacks on eBay and PayPal, even though eBay is being very aggressive against it, as those user IDs are like gold to the criminals," Bransford said. "But phishers are also moving downstream to credit unions and other financial services companies that might not be as savvy as larger banks, hotels are having more problems with frequent flier programs, and even insurance companies are being phished." While he said consumers have become increasingly savvy about avoiding the fraudulent sites, in part through the customer education efforts of eBay and other frequent targets, Bransford said he sees other problems emerging in the phishing arena, including a growing number of spyware applications loaded onto peoples computers by the sites. "Phishing is moving cross-industry, perhaps because people have gotten smarter, but its moving into new areas all the time," he said. "In cases such as this where the criminals have figured out some way to keep their site up longer, you only wonder how many people will get tricked." Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
Durzy said the toolbar application successfully denotes the page in question as fraudulent when someone points the browser to the address.