Entertainment and Sports
49ers Entertainment, Sports and so
Discussions actives
Session
Sports and Human
"I was very surprised to find out that, pretty much in all cases, I was the only person reporting the site," said Eckelberry, who is president of Clearwater, Fla.-based anti-spyware toolmaker Sunbelt Software. "You would think a lot of stuff like this goes on, but it actually doesn't."
Eckelberry's frustration was shared by Paul Laudanski of CastleCops, an online security community. The two joined forces and this week, Sunbelt and CastleCops are officially launching a volunteer group, dubbed the Phishing Incident Reporting and Termination squad, or PIRT.
In the round-the-clock PIRT operation, the volunteer "handlers" around the world take in reports from consumers of suspected phishing Web sites and work to take the sites offline. On Friday, before its official launch, the group received 100 phishing reports, and 30 of those were shut down in a few hours, Laudanski said.
"We want to give the average consumer a way to jump in and help," Eckelberry said. "It is a personal passion because I know my mom is the kind of person who will click on this phishing link, no matter how many times I warn her."
Phishing outline
Phishing is a prevalent type of online scam in which attackers attempt to steal sensitive data such as user names, passwords and credit card details. The attacks typically combine spam e-mail and fraudulent Web pages that look like legitimate sites. That spells easy money for criminals, who sell the data they steal or use it to buy goods for resale, for example.
There are already a couple of places people can report suspected Web sites. There are add-on toolbars or built-in features in Web browsers that let people click and submit a URL. If these check out, they're added to a blacklist used by the company that provides the toolbar. That means the phishing information can be scattered among different software providers.
Alternatively, scam e-mails can be submitted to the Anti-Phishing Working Group, which stores the information in a database used by makers of security software and others, but takes no further action. The APWG, an effort backed by security companies, financial services providers and others, includes Symantec, McAfee and Microsoft as sponsors.
Despite industry efforts, phishing is still on the rise, and experts predict that scams will become increasingly sophisticated. A record 9,715 phishing Web sites were spotted in January, according to an Anti-Phishing Working Group paper (PDF here). The PIRT group aims to get consumers more involved in the phishing fight and bring down malicious sites more quickly.
The PIRT handlers, who must all have an established security track record, will analyze phishing e-mails and contact the host of the Web site, usually an Internet service provider, as well as the company whose customers are being targeted, Eckelberry said.
Additionally, the volunteers will share phishing reports with security companies, the Anti-Phishing Working Group and other efforts that exist to fight the scams, he said.
"We do not want to discount any of those efforts," Eckelberry said. "This is an additional layer to pick up any reports that were not submitted. We are seeing a large number of cases where phishing attacks are not reported."
Eckelberry's frustration was shared by Paul Laudanski of CastleCops, an online security community. The two joined forces and this week, Sunbelt and CastleCops are officially launching a volunteer group, dubbed the Phishing Incident Reporting and Termination squad, or PIRT.
In the round-the-clock PIRT operation, the volunteer "handlers" around the world take in reports from consumers of suspected phishing Web sites and work to take the sites offline. On Friday, before its official launch, the group received 100 phishing reports, and 30 of those were shut down in a few hours, Laudanski said.
"We want to give the average consumer a way to jump in and help," Eckelberry said. "It is a personal passion because I know my mom is the kind of person who will click on this phishing link, no matter how many times I warn her."
Phishing outline
Phishing is a prevalent type of online scam in which attackers attempt to steal sensitive data such as user names, passwords and credit card details. The attacks typically combine spam e-mail and fraudulent Web pages that look like legitimate sites. That spells easy money for criminals, who sell the data they steal or use it to buy goods for resale, for example.
There are already a couple of places people can report suspected Web sites. There are add-on toolbars or built-in features in Web browsers that let people click and submit a URL. If these check out, they're added to a blacklist used by the company that provides the toolbar. That means the phishing information can be scattered among different software providers.
Alternatively, scam e-mails can be submitted to the Anti-Phishing Working Group, which stores the information in a database used by makers of security software and others, but takes no further action. The APWG, an effort backed by security companies, financial services providers and others, includes Symantec, McAfee and Microsoft as sponsors.
Despite industry efforts, phishing is still on the rise, and experts predict that scams will become increasingly sophisticated. A record 9,715 phishing Web sites were spotted in January, according to an Anti-Phishing Working Group paper (PDF here). The PIRT group aims to get consumers more involved in the phishing fight and bring down malicious sites more quickly.
The PIRT handlers, who must all have an established security track record, will analyze phishing e-mails and contact the host of the Web site, usually an Internet service provider, as well as the company whose customers are being targeted, Eckelberry said.
Additionally, the volunteers will share phishing reports with security companies, the Anti-Phishing Working Group and other efforts that exist to fight the scams, he said.
"We do not want to discount any of those efforts," Eckelberry said. "This is an additional layer to pick up any reports that were not submitted. We are seeing a large number of cases where phishing attacks are not reported."
Ecrit par 49ers, le Mardi 28 Mars 2006, 10:03 dans la rubrique Actualités.
Repondre a cet article
Version XML - Cette page est peut-être encore valide XHTML1.1 et CSS sans tableaux.