Symantec Relaunches Phishing Info Sharing Network - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Symantec Relaunches Phishing Info Sharing Network

The Phish Report Network is being reactivated to provide a vetted, dynamically updated database of fraudulent Web sites. This time around, though, Microsoft isn't participating.

Symantec on Monday relaunched an anti-phishing fraud service it acquired in its 2005 acquisition of WholeSecurity, and said major Internet players including eBay, Google, Yahoo, RSA Security, and Wells Fargo will participate in the data sharing group.

Microsoft, however, has dropped out.

First unveiled in February 2005 by WholeSecurity, the Phish Report Network is being reactivated by Symantec to provide a vetted, dynamically-updated database of fraudulent Web sites, said David Cole, director of Symantec Security Response.

"There's room for more than one [such] organization," said Cole, "but we wanted to provide a high-quality feed on fraudulent sites so organizations would know that there were very few false positives in the data."

Companies would use the information collected by the network to roll back into their applications -- such as anti-phishing software -- or as blacklist updates to their customers.

There are similar phishing site-collection services already in operation, including CipherTrust's and the non-profit Anti-Phishing Working Group (APWG). But Cole argued that Symantec's would be professional vetted, both by "robust automated bots" and by Symantec analysts, to guarantee that sites reported as fake were really bogus.

Symantec inherited members such as online auctioneer eBay and its PayPal e-payment service from WholeSecurity's effort, but it's added Google, Yahoo, online banking behemoth Wells Fargo, and RSA Security. The latter will contribute data from its Cyota anti-fraud group, which specializes in notifying financial institutions of developing phishing threats, and shutting down bogus sites. Among the clients of Cyota's FraudAction service is Visa USA.

Companies and organizations that contribute data to the Phish Report Network receive its findings free, said Cole, while others will be charged subscription fees that are "priced to break even. We're not intending to make a lot of money on this."

The subscription charges will pay for the automatic and human-based vetting that Symantec will do on each report of a phishing site.

"We can do this cheaper because others would have to directly monetize the service. We don't. Rather than relying on another organization to do this, and be beholding, we can do this ourselves, and also use the data for our own operational anti-fraud teams."

Microsoft, though a founding member of Whole Security's same-named network in 2005, has pulled out of the Symantec-branded collective.

"We didn't ask them to leave," said Cole, "they just wanted to create their own [anti-fraud database]." Microsoft has released an anti-phishing toolbar for its Internet Explorer 6, and has integrated anti-fraud defenses into its next-generation IE 7, which entered public beta last week.

Symantec and Microsoft have butted heads over security as the latter has acquired vendors and rolled out security services and software, including its free Windows Defender anti-spyware software and its Windows Live OneCare subscription service.

Although Google hasn't told Symantec what it will do with the data from the Phish Report Network, Cole said it would be a great addition to the search company's Gmail e-mail service. "That would be a natural fit, or with Google's toolbars," said Cole.

More information about the network can be found on the Symantec Web site.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll