Banks, Law Agencies Team Up To Fight Phishing - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

03:07 PM
Connect Directly

Banks, Law Agencies Team Up To Fight Phishing

Digital PhishNet is the latest effort to share information that leads to immediate action against phishers.

A group of businesses and law-enforcement agencies Wednesday announced the establishment of an information-sharing operation to better combat phishing, which is the use of E-mail to solicit personal information that can be used for identity theft and other fraud.

Digital PhishNet aims to provide a single line of communication between industry and law enforcement to compile critical data and provide it more efficiently to investigators. Its supporters include America Online, Digital River, EarthLink, Lycos, Microsoft, Network Solutions, VeriSign, the FBI, the Federal Trade Commission, the U.S. Secret Service, and the U.S. Postal Inspection Service.

Nine leading U.S. banks also are said to be participating, although the names of those banks weren't disclosed. A spokesman for Microsoft speculates that participating banks may be hesitant to advertise that they're targets of phishing scams. Such unwanted attention already has been brought to Citibank, a frequent target for phishers. It's not uncommon to hear IT security professionals say that a company has been "citibanked" when its brand gets hijacked by phishers.

There have been previous efforts between industry and government to collaborate on fighting phishing. In June, MasterCard International Inc. and digital-fraud-detection firm NameProtect Inc. joined forces to fight online fraud, in part by providing information to law-enforcement agencies.

That same month, companies including ABN Amro, AT&T Wireless, Best Buy, Charles Schwab, CipherTrust, DirecTV, E-Trade, Fidelity Investments, GE Access, HSBC, IBM, National City Bank, PostX, the Royal Bank of Scotland, and Siebel System formed the Trusted Electronic Communications Forum for the same reason.

There's also the National Cyber-Forensics & Training Alliance, a cybercrime lab established in 2002. It's supported by funds from federal agencies, businesses, and academic organizations.

Such cooperative action reflects the widespread realization that phishing attacks reflect an increasing level of intensity, sophistication, and organization on the part of criminal hackers.

"The real motivation behind this was trying to come up with a solution to working these cases," explains Stirling McBride, a senior investigator in Microsoft's digital-integrity group. "When I started working on phishing cases about a year and a half ago, it became apparent to me very quickly that we had a very small piece of the puzzle." Upon further investigation, Microsoft learned that some of the phishers pursuing the company's MSN and Hotmail customers also were attacking other companies. "But as long as we only had the data that only related to the MSN and Hotmail pieces, we didn't have a full picture," says McBride. "As we started to talk as an industry, it was very apparent to all that we had to start sharing that data."

As part of the Digital PhishNet program, investigators from participating companies will enter phishing-related data into a database at the National Cyber-Forensics & Training Alliance in Pittsburgh, where FBI analysts will identify trends and pass along significant details to agents.

McBride says that a rapid response is critical. "Phishing sites come up very quickly and disappear very quickly," he says. "Unless law enforcement is brought in at the onset, they oftentimes don't have the ability to react quickly enough."

Law-enforcement agencies have scored some high-profile successes recently, notably the Secret Service's arrest in late October of 28 individuals alleged to be part of a global cyber organized-crime network.

While officials and security experts believe such arrests deter others from similar crimes, criminals may be pursuing a different tactic. According to FBI supervisory special agent Kenneth McGuire, who leads a cybercrime unit in Los Angeles, there's been a large increase in reports of low-level fraud. One strategy for thieves is to conduct many small acts of fraud, since investigators tend to focus on single cases with significant losses.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll