Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    System Uses CallerID Method to Beat Phishers

    By
    Mark Hachman
    -
    August 16, 2004
    Share
    Facebook
    Twitter
    Linkedin

      WholeSecurity has teamed up with auction provider eBay to announce a new technology that automatically sniffs out sites that could house so-called “phishing” attacks.

      Austin, Texas-based WholeSecurity Inc. on Monday launched Web CallerID, a detection, protection and management package that has been integrated into eBay Inc.s online toolbar. While WholeSecurity is currently marketing Web CallerID at large corporations seeking to protect their brand from phishing scams, executives hinted that a turnkey package aimed at smaller businesses may come later.

      The tool debuts against a backdrop of increased phishing attacks, which attempt to dupe customers into divulging personal information such as credit card numbers, bank-account information, passwords, Social Security numbers or other confidential data.

      Phishing often works through a combination of social engineering and deceptive Web design. In one common attack, for example, a JavaScript window pops up over the Internet Explorer address bar, obscuring the actual Web address by an almost-undetectable window that replaces the actual URL with a faked JPEG image of the sites actual address. The site appears innocent, luring users to enter personal information. Other dodges use site addresses that look authentic but arent.

      The Web CallerID tool works to identify the true owner of a Web address, in much the same way Caller ID identifies the person on the other end of the line. The software cross-checks its own database of corporate customers against tricks that phishers typically use, such as numerical IP addresses instead of domain names and hosting on free Web sites.

      In some sense, the software acts like a heuristic filter for phishers, much like a heuristic spam filter detects previously undiscovered spam, said J.T. Keating, vice president of corporate marketing at WholeSecurity.

      When the site detects a bad address, the software phones the WholeSecurity home server, adds the site to a blacklist of bad sites and notifies the user with a pop-up screen. A browser-based management interface then reports the phishing site to the customers internal security team, which can send off notices to the phishers ISP to shut the site down.

      Even though the software automatically reports the phishing site to the user, that customer also has the option of re-reporting the bad site, just to feel like he or she hooked the phisher, Keating added.

      According to Dan Hubbard, director of technology and security research at San Diego-based Websense Inc., the blacklists utility is of limited use, however, because phishing sites remain online for an average of 2.25 days.

      /zimages/3/28571.gifFor insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

      The Anti-Phishing Working Group in June reported a 19 percent increase in unique phishing attacks for a total of 1,422. And the rise in phishers is attracting other anti-phishing solutions anxious to stem the tide.

      “Theres a lot of copycatting going on,” Hubbard said of the phishing attacks. He participated in the Anti-Phishing Working Group report.

      “A lot of people see this as very easy to do and lucrative. These same people actually code one Web site one week and then run a different Web site a week later on the exact same machine.”

      “The really interesting item is that in all conversations [with customers], were having a huge percentage of people were talking to claim that theyve only been hit by one or two spoof attacks,” WholeSecuritys Keating said.

      “The real reasons people talk about our solutions is about consumer confidence–we hear customer-care people talking about how people dont trust electronic communications. Even worse, theyre picking up the phone and calling, which adds to help-desk costs.”

      /zimages/3/28571.gifClick here for six tips from a mutual fund company that fought back against phishing.

      But the Anti-Phishing Working Group also has seen a rise in a less-sophisticated form of online fraud, the simple creation of online “stores” that promise to deliver pharmaceutical supplies, sporting equipment or other merchandise but are merely fronts to scam personal information, Hubbard said.

      “One of the things I found shocking was that, OK, some of this comes from Azerbaijan or Sudan—thats Azerbaijan, there arent any real laws there,” said Peter Cassidy, the secretary-general of the group. “But a quarter comes from the U.S., 50 percent from the Western world—the other 8 percent is in Taiwan! That tells me that … its not all lost. Something can be done.”

      But as law enforcement evolves, so could phishers, Hubbard warned.

      Current phishes are designed to entice consumers to divulge financial information that can later be used against them. Analysts said that the next attempt, however, will likely be corporate, espionage-style attacks aimed at a particular company with the goal of persuading employees to divulge passwords or creating a back door into the network.

      /zimages/3/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.

      /zimages/3/77042.gif

      Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: /zimages/3/19420.gif http://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif

      Avatar
      Mark Hachman

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×