• April 20, 2005
  • By Marshall Lager, founder and managing principal, Third Idea Consulting; contributor, CRM magazine

AOL Tightens Its Phishing Net

America Online is taking a series of steps to combat phishing by partnering with Cyota, a developer of antifraud products and services for the financial sector, to provide early warning and aggressive response to phishing attacks. As part of the campaign Cyota will provide AOL with the services of its Anti-Fraud Command Center, a 24/7 monitoring operation in North America, Europe, and Asia-Pacific that scans more than 1 billion emails a day for indications of phishing. According to Cyota CEO Naftali Bennett, attacks can be defeated minutes after they begin in some cases, limiting potential damage to handfuls of consumers. This initiative comes in response to a sea change in the fraudster community. "Over the past 16 months or so, the source of phishing emails has moved away from teens and amateurs who have learned how to write a little HTML code," Bennett says. "More often, these attacks are tied to organized crime." Individuals and small-fraud rings still scam people to use their financial and identity assets for their own purposes, he says, but larger operations gather massed data and sell it to other organizations, much as a company might sell its contact list. "This makes it harder to track the ultimate usage of stolen information," Bennett says. "If the attack happens in January, the information might not be used for fraud until July, when the consumer has forgotten the incident and the data has changed hands several times." Cyota's Anti-Fraud Command Center scans emails for tell-tale signs of phishing and notes trends like usage spikes and suspicious subjects sent in bulk. After checking with the possibly impersonated institution to be sure the mailing isn't a legitimate marketing effort, the command center notifies partners and Internet service providers so they can block the messages from ever reaching consumer victims. Further action may include tracking the source to shut it down and prosecute the originators, or flooding the attacker with worthless information. The command center has detected and tracked attacks originating in 65 countries from Latvia to South Korea, and has stopped tens of thousands of attacks to date, according to Bennett. He believes phishing fraud is growing so fast for three reasons. "Phishing is easy, it typically carries a very low risk of being caught, and has the potential for high rewards--these are the prime motives for crime," he says. By addressing all three motives through early detection, tracking of sources and devaluing the returns by flooding attackers with useless customer data, Cyota hopes to make phishing no longer a profitable enterprise, Bennett says. "Imagine selling a list of bogus account data to Tony Soprano." Related articles: Taking Bank Vaults Online
Wireless Conference Highlights Security and Opportunity Consumers May Face Increased Risk of Identity Theft
CRM Covers
for qualified subscribers
Subscribe Now Current Issue Past Issues