


DECEMBER 20, 2004
NEWS ANALYSIS
By Sarah Lacy

A Collective Net to Catch Phishers
Big outfits from Citibank to AOL will share data on these ID-robbing cyberscams and boost the feds' efforts to catch the bad guys


Lori Lee-Savage is having a hard time getting into the holiday spirit. In late November, the executive assistant for an Alexandria (Va.) nonprofit tried to use a bank ATM, but her card was declined. "That can't be," she thought. After all, she had more than $1,500 in the bank and several thousand dollars of overdraft protection.


Hours later, the manager at her bank told her it looked like she was a victim of identity theft. The only thing she can figure is that it happened while she was shopping online. "It's very frustrating and very time consuming," she says. "I'm going on my third week of trying to get this cleaned up. I spend at least two hours a night on it."

Savage isn't alone. Over the last year, an estimated 1.8 million people have been victims of so-called phishing scams, according to the Federal Trade Commission in November. Phishing, as the cyber-literate call it, is a Net scam that relies on mass e-mail blasts luring people to Web sites that look just like their bank or favorite e-store. Once there, they unknowingly give financial information to crooks.

CONCERTED ACTION.  And the problem is only getting worse. Security software maker Symantec (SYMC) estimates that phishing-related e-mails have doubled in the last few months to about half a percentage point of all e-mail traffic on the Net.

Now the e-commerce industry is fighting back. Eighteen big-name Internet service providers, banks, e-commerce outfits, and tech security providers announced on Dec. 8 an alliance called Digital PhishNet. The companies, ranging from Microsoft (MSFT) to Citibank, part of Citigroup (C), promise to share information about phishers and put a net around them before they move on to the next con.

"There are other groups where companies have met and studied the problem, but this actually allows us to go right after the people involved," says Les Seagraves, chief privacy officer at Earthlink (ELNK).

SOLITARY EFFORTS.  It's the brainchild of Stirling McBride, a fraud investigator with Microsoft. His idea is simple: Share information about phishers among legitimate e-commerce businesses so they can collectively shut down a fraud site as fast as possible, collect information about who's running it, and send the info on to authorities.

Sounds simple, but it's a big change from what the industry has been doing. Companies like Earthlink, Lycos, and eBay (EBAY) were trying to beat back phishers on their own. VeriSign (VRSN), which among other things runs the giant computer system that routes e-mail and maintains Web-site domain names, was trying to shut down phishing sites as soon as they were discovered. And Microsoft was scouring the Net, looking for the bad guys, and routinely forwarding information to the FBI's Internet Crime Complaint division.

But they weren't sharing information. The end result: Phishing kept growing. "We had a very good track record of taking down sites," says Chris Babel, vice-president for managed security services at VeriSign. "But for every one that comes down, two go up."

MATTER OF TRUST.  McBride knew something had to change and fast. He started working with investigators at Time Warner's (TWX) America Online, Digital River (DRIV), EarthLink, Lycos, and VeriSign. He got the feds involved and managed to get the big tech outfits with so much at stake in e-commerce to start working together. He says it's a matter of maintaining his company's trustworthiness: "When an MSN customer gets phished, there's a certain level of mistrust against MSN because our name was used, even though we're trying to help solve the problem."

If this project works, it'll put a major dent in phishing scams by allowing investigators to focus on the biggest cons. And it will help the FBI compile more comprehensive files for prosecutors when they catch someone and bring them to trial. Ultimately, that could lead to more convictions -- the only true deterrent for criminals, says Daniel Larkin, unit chief of the 60-person Internet Crime Complaint Center.

The new antiphishing alliance is similar to a group called "SlamSpam" the FBI formed with the tech industry in 2003. That was a group of technology concerns that would collect and report spam attacks to the Internet Crime Complaint Center. The FBI is pursuing about 100 cases that have come out of SlamSpam. It's counting on similar results out of the new phishing group.

"SMALL STEPS."  Will it be enough? Probably not. Lots of these scams are being run from outside the U.S., many in countries where no laws govern them. But it's a good start. "I'm a big believer that just because it's not a 100% solution doesn't mean that we should avoid it," says Enrique Salem, Symantec's senior vice-president for network and gateway security. "Small steps forward are worth investing time [in]."

At least, until the next cyberscam emerges.



Lacy is a reporter for BusinessWeek Online in the Silicon Valley bureau
Edited by Jim Kerstetter

McGraw-Hill Cos.