Microsoft, eBay join antiphishing initiative

The Phish Report Network aims to thwart fraudsters by creating a central database of information about bogus Web sites.

Matt Hines Staff Writer, CNET News.com

Matt Hines

covers business software, with a particular focus on enterprise applications.

Matt Hines

Feb. 14, 2005 8:11 a.m. PT

Microsoft, eBay, PayPal and Visa have joined a new antiphishing initiative spearheaded by WholeSecurity, the companies said Monday.



		Related story Phishing flaw a danger to some browsers Non-Microsoft browsers are vulnerable to a weakness in a domain name standard.

Dubbed the Phish Report Network, the effort will attempt to slow the spread of phishing attacks by reporting deceptive Web sites to a central database operated by "="" rel="noopener nofollow" class="c-regularLink" target="_blank">WholeSecurity, an IT security company based in Austin, Texas.

Once a site has been reported to the network and confirmed as fraudulent, the organization notifies all of its members about the URL, allowing companies to block the suspect site and encourage their customers to follow suit.

Phishing schemes typically consist of e-mail messages that appear to come from trusted companies. These messages attempt to lure people to bogus Web sites, where they're asked to divulge sensitive personal information, such as bank account details and Social Security numbers. Once armed with that data, criminals will often use it to commit identity theft.

WholeSecurity is orchestrating the initiative--which was announced at the RSA Security Conference taking place this week in San Francisco--through the use of its Web Caller-ID technology. The tool is already in use at eBay and its PayPal subsidiary, two of the most common brand names used by phishing fraudsters. Offered as part of eBay's free Internet toolbar, the application notifies consumers when they enter a site that WholeSecurity has confirmed as fraudulent.

The Phish Report Network will distribute aggregated lists of banned sites so that its members can incorporate the data into their own software, e-mail applications and browser services. The group is also encouraging any other company that has been targeted by phishing sites to join in its efforts, saying that the more companies sign up for the initiative, the more effective it will become.

Many e-commerce sites have called for greater vigilance on the part of financial services companies such as Visa to help stem the tide of online fraud, as credit cards are involved in a majority of the criminal schemes. Visa executives cited the Phish Report Network as a prime opportunity to respond to some of those requests.

"Visa is focused not just on shutting down phishing sites but preventing phishing e-mails from ever reaching consumers worldwide," Brad Nightengale, department head of the emerging-products division at Visa, said in a statement. "Working with the participants in this solution, Visa can play a key role in stopping this crime before it happens and in maintaining global consumer confidence online."