To make it easier to identify and react to new scam websites, Microsoft, EBay and Visa International are launching a program to share information about online identity theft scams.
The companies will use the RSA Conference in San Francisco this week to unveil the Phish Report Network, an anti-phishing service that aggregates reports of phishing attacks and issues alerts about new phishing websites to subscribers.
Phishing scams are online crimes that use spam to direct internet users to websites designed to look like legitimate e-commerce sites, but which are controlled by thieves. Users are asked to provide sensitive information such as passwords, bank account information, or credit card numbers, often under the guise of updating an account.
Reports of online identity theft scams have grown steadily for more than a year. In December, more than 1700 active phishing websites were reported, a 10 percent jump from the previous month, according to data released by the Anti-Phishing Working Group (APWG).
More than 9000 unique email messages linked to phishing scams were identified by the APWG in December, an increase of 6 percent from the month before, and a 38 percent increase over the number reported in July, according to an APWG report.
The scams are notoriously hard to shut down because those behind them often use compromised computers scattered around the globe to host phishing websites and to distribute the spam messages advertising the sites. The average duration of a phishing website was almost six days in December, with some sites operating for as long as 30 days before being shut down, the APWG reported.
The Phish Report Network is a voluntary, subscription-based service that will help coordinate response to phishing scams between the companies targeted by phishers, such as EBay, and organisations that can play a role in shutting down the scams, such as ISPs and antispam technology companies, according to information on the group's website at PhishReport.net.
Visa, EBay and PayPal, EBay's online payment division, will report new phishing scams to the Phish Report Network. Those reports will be stored in a central database of phishing attacks maintained by WholeSecurity, where the information will be sorted into aggregated "safe lists" and "block lists" of known phishing sites. ISPs and other companies will then use those lists to update filters, blacklists, and other systems used to block traffic to and from the phishing sites.