Security companies are developing new ways to keep the public informed about fraudulent websites and cut down on scams.
These initiatives are designed to fight phishing by providing helpful data to ISPs, email security firms and antimalware vendors whose products are designed to protect their customers from cybercrime.
Meanwhile, the fight against phishing also is playing out on the desktop, as tools to keep web users from visiting fraudulent sites become more prominent. For example, the next version of Internet Explorer will include the Phishing Filter, designed to warn users if they visit a fraudulent website, according to Microsoft officials. The next version of the Firefox browser is expected to have a similar feature.
Yet by the time these upgrades are widely adopted, phishers will have found ways around the blocking mechanisms, one analyst says.
"Phishing attacks as we know them will go away, but I'm sure [phishers] will come up with something else," says Avivah Litan, a vice president at Gartner.
"I think it's spy vs. spy," echoes Todd Bransford, vice president of marketing with antiphishing vendor Cyveillance. "We see more variants of phishing as the bad guys get more creative and come up with new ways to circumvent security…they're just different enough so that they're not recognised by the security efforts."
Among the new initiatives designed to fight phishing is an offering from Cyveillance, whose service is used by financial institutions, online retailers and other companies to protect their brand on the web. Last week the company announced it will make its data regarding phishing sites available for reuse by other vendors.
The OEM Content Program is designed for ISPs and security companies that need to block users from phishing sites, Bransford says. This phishing data from Cyveillance is used by AOL and Microsoft.
The company's crawlers and agents constantly scour the web for misuse of its clients' brands, and often discover fraudulent sites. With the new offering, Cyveillance will make this information available to companies that interact directly with users to help protect them from these sites.
Furthermore, Tipping Point, a division of 3Com, plans to announce a Firefox browser add-in designed provide instant information about the website the user is visiting for. Called Monkeyspaw and based on open-source code, the tool aims to help security professionals analyse and report fraudulent sites, says Tod Beardsley, lead counterfraud engineer with Tipping Point.
The tool also can be used to report a fraudulent site to CastleCops' Phishing Incident Reporting and Termination Squad, which takes down phishing sites.