Agencies and companies come together to resist phishing

A collaborative initiative involving several major industry players and US law enforcement agencies was launched this week in an...

A collaborative initiative involving several major industry players and US law enforcement agencies was launched this week in an effort to deal with the growing problem of online phishing scams.

The group, called Digital PhishNet, includes companies such as Microsoft, AOL, VeriSign and EarthLink, as well as government agencies such as the FBI, the US Secret Service and the US Postal Inspection Service. 

The group hopes to improve the flow of information between industry and law enforcement agencies about phishing attacks, said Dan Larkin, unit chief at the FBI's Internet Crime Complaint Center. 

Because phishers are able to create and dismantle phony sites rapidly, "the key to stopping them is to identify and target them quickly", Larkin said.

"Our industry partners have a unique perspective regarding these schemes, and how they look early on, that we in law enforcement don't always have," he said.

Having technology players working closely with law enforcement agencies is a good approach to dealing with phishers, said Avivah Litan, an Gartner analyst.

"Law enforcement is not really equipped to deal with these cybercriminals," she said. "They don't have the technical skills or the staff." 

As a result, technology companies will have to "spoon-feed" them with a lot of the data and the evidence needed to go after phishers, she added. 

Industry groups such as the Anti-Phishing Working Group have reported sharp increases in phishing scams over the past year. Between July and October alone, the number of phishing sites grew by an average of 25% a month, with 1,142 sites reported active in October.

According to Gartner, for the 12-month period that ended last April, phishing attacks cost victims $1.2bn (£625m) - with US companies bearing most of the costs. 

The newly formed coalition should help industry and law-enforcement to formulate a better response to the growing menace, said Judy Lin, an executive vice-president at VeriSign.

Apart from sharing information with law enforcement, the group will also investigate ways of legally "leveraging technology to bring down sites" that are being used to launch phishing attacks, Lin said. 

Because of the cross-border nature of the problem, the FBI is working on garnering support from law enforcement agencies in other parts of the world, Larkin said.

Jaikumar Vijayan writes for IDG News Service

Read more on IT risk management