Essentially, we've created an online radar that can detect Phishers
Austin, TX (PRWEB) May 24, 2005
InternetPerils Inc, a leading provider of automated products for Internet Business Risk Management, today announced that it is utilizing its PerilScopeÂ visualization technology to track down and identify Internet domains that harbor, knowingly or unknowingly, malicious Phishing websites. InternetPerils is working in association with research from Corillian Corp. (NASDAQ: CORI), the top provider of online banking and anti-fraud solutions to leading financial institutions, Websense, Inc. (NASDAQ: WBSN), the world's leading provider of employee Internet management solutions, and the Anti-Phishing Working Group (APWG) to follow trend and growth patterns.
By hijacking the brands of banks, credit card companies, and e-tailers, Phishing scams typically operate counterfeit websites that lure consumers into revealing their personal and financial data, including social security numbers, bank and credit card account information, and details of online accounts and passwords. In a 2004 report, Gartner estimated that 57 million people had received online Phishing attacks, costing banks and credit-card issuers over $1.2 billion in 2003 alone. In addition, Phishers are beginning to target employees within organizations, attempting to gather valuable network identification and passwords that can result in the loss of confidential information or lead to security breaches.
By utilizing a combination of data gathering, data analysis, and visualization of the results, InternetPerils is able to locate individual computers and networks of computers that are used for Phishing and online fraud, often in the setup phase. The collaboration of InternetPerils, with statistical data from Corillian's Fraud Detection System, Websense, and the APWG demonstrates that through a variety of disciplines and techniques, it's possible to visualize the servers involved in Phishing scams to facilitate technical, legal, and law-enforcement intervention and mitigation.
"Essentially, we've created an online radar that can detect Phishers," explained John Quarterman, president of InternetPerils Inc. "Further development and refinement will provide even more powerful forensic analysis, pattern recognition, and metrics needed to automate the visualization of similar anomalies."
"This visual approach involves using latency as a form of inferential geolocation," said Peter Cassidy, secretary general for the APWG. "This technique is based on the speed of electrons that can describe entire arrays of Phishing attack servers. When fused with other data, we can visualize the server and its network so that all stakeholders can quickly grasp the attack scenario and mount appropriate action."
PerilScope visualization gives insurance companies, banks, credit card companies, e-tailers and ISPs, as well as government regulatory and enforcement agencies, a highly effective tool to help stop Phishing attacks, illustrate how attacks occur, and combat the impact Phishing schemes have on Internet commerce, performance, and security.
"The capability developed by our companies has resulted in an early warning system that can find the computers used to launch attacks related to online fraud," said Jim Maloney, chief security executive at Corillian. "The technology is similar to a long range radar for cyberspace."
"The active visualization of Phishing attacks serves as a useful investigative tool and predictor of future tactics," said Dan Hubbard, senior director of security and technology research for Websense, Inc. "As we continue to gather insight into the world of Phishing, this technology can also prove valuable to trace other types of online fraud as well."
To see the latest PerilScope visualization of Phishing scams please visit http://www.internetperils.com/. For John Quarterman's report on this project to the APWG, please visit http://www.internetperils.com/tech/conferences/apwg2005-1/index.php
About the Anti-Phishing Working Group
The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of Phishing and email spoofing. The organization provides a forum to discuss Phishing issues, define the scope of the Phishing problem in terms of hard and soft costs, and share information and best practices for eliminating the problem. Where appropriate, the APWG will also look to share this information with law enforcement.
Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community, and solutions providers. There are nearly 900 companies and government agencies participating in the APWG and nearly 1400 members. Note that because Phishing attacks and email fraud are sensitive subjects for many organizations that do business online, the APWG has a policy of maintaining the confidentiality of member organizations.
The website of the Anti-Phishing Working Group is http://www.antiphishing.org. It serves as a public and industry resource for information about the problem of Phishing and email fraud, including identification and promotion of pragmatic technical solutions that can provide immediate protection and benefits against Phishing attacks. The analysis, forensics, and archival of Phishing attacks to the website are currently powered by Tumbleweed Communications' Message Protection Lab.
The APWG was founded by Tumbleweed Communications and a number of member banks, financial services institutions, and e-commerce providers. It held its first meeting in November 2003 in San Francisco and in June 2004 was incorporated as an independent corporation controlled by its steering committee, its board and its executives.
About Corillian Corporation
Corillian is the top provider of online banking, bill payment and anti-fraud solutions to leading financial institutions. Corillian provides the most flexible, scalable and secure set of online banking applications across multiple lines of business. Corillian features integrated applications across Consumer Banking, Small Business Banking, Wealth Management, Credit Card Management, and Cash Management, as well as enterprise-wide solutions, including Payments Warehouse, Alerts, eStatements, and OFX. Corillian's fraud prevention solutions use Preemptive ForensicsÂ to protect web sites from Phishers, hackers, and fraudsters. Corillian's strong authentication solution provides a low-cost solution for multi-factor authentication while maintaining high user satisfaction. Empowered with Corillian solutions, some of the world's most visionary financial institutions provide their customers with the tools to manage their finances more effectively and securely. For more information about Corillian Corporation, visit the company's Web site at http://www.corillian.com.
About Websense, Inc.
Websense, Inc. (NASDAQ: WBSN), the world's leading provider of employee Internet management solutions, enables organizations to optimize employee use of computing resources and mitigate new threats related to Internet use including instant messaging, peer-to-peer, and spyware. By providing usage policy enforcement at the Internet gateway, on the network and at the desktop, WebsenseÂ® products enhance productivity and security, optimize the use of IT resources and mitigate legal liability for our customers. For more information, visit http://www.websense.com.
About InternetPerils Inc
InternetPerils Inc. provides automated quantification and visualization products for Internet Business Risk Management. For more information, contact InternetPerils at http://www.internetperils.com
About John S. Quarterman
Subscribe to Perilocity (John's Security Blog)
# # #