America Online this week announced new initiatives aimed at protecting its 20 million Internet service subscribers from phishing attacks. As a result, AOL said it is blocking roughly 8 million phishing attempts against its members each day.
Phishing is the use of fraudulent e-mail and fake Web sites to gather sensitive personal information from users. And phishing attacks are on the rise, according to reports issued by the Anti-Phishing Working Group.
AOL has inked partnerships with anti-phishing firms MarkMonitor and Cyveillance, and expanded its agreement with existing partner Cyota to offer its members multiple layers of protection against phishing attacks.
“The only difference between a phisher and a mugger is that a phisher uses a keyboard and not a gun,” said Tatiana Platt, AOL senior vice president and Chief Trust Officer. “Phishing and identity theft crimes cost consumers billions of dollars each year, and we will do everything in our power to protect our members from the online criminals who would prey on them.”
New Anti-Phishing Nets
Among the strategies that AOL is employing through its new and expanded partnerships are early warning systems that check newly-registered domains to see if they mimic legitimate site names, indicating they may be used for phishing.
Web crawling systems that explore the Web looking for suspicious sites that imitate the text or appearance of real sites and URL analysis that checks more than 1 million suspicious URLs daily are also part of the new strategy.
Take down efforts that work with system administrators and Web hosting providers worldwide, technical countermeasures that target fraudulent sites, and round-the-clock blocking of member access to newly discovered phishing sites round out the new strategy elements.
When a phishing site is identified, AOL works to block incoming e-mails containing the URL to that site, as well as limiting access to the site through the AOL software. In addition to fraudulent Web sites that attempt to spoof pages of the AOL service, AOL said it also works to protect members from scam sites that imitate other legitimate companies such as banks, credit card issuers, online auctions, and online payment facilitators.
A Layered Approach
StillSecure Chief Strategy Officer Alan Shimel told TechNewsWorld that AOL has been on the front lines battling online security problems for many years and should be commended for adding anti-phishing measures.
“Keep in mind, a significant number of AOL’s customer base are users who may not be very computer-savvy or very security-savvy,” Shimel said. “So this is a good move for the customers. Usually when AOL implements a solution of this type it’s transparent to the end-user.”
Combined with its anti-spam, anti-spyware, and anti-virus tools, Shimel said the company has a layered approach he recommends in an increasingly dangerous online environment.
“The mouse keep getting smarter and we keep making better mousetraps,” Shimel said. “But you can’t rely on just one solution for all of your security needs. You really need that layered model so that if it does get through your spam filter, another layer in the security model is going to pick it up.”