Wednesday, August 31, 2005

New Microsoft Phishing Filter for MSN Search Toolbar

If a customer inadvertently visits a potentially fraudulent Web site that can steal the customer's personal information, the beta Microsoft Phishing Filter Add-in will proactively help protect the customer. This new add-in uses a dynamic system that quickly checks the Web pages customers visit with an online service with up-to-the-hour information to see if the sites they visit are suspicious or actual reported phishing Web sites. The filter will block customers from entering personal data if the site is confirmed. If the Web site contains characteristics common to a phishing Web site, but is not in the list of known sites, the MSN Search Toolbar will provide a warning and give people the option to continue or close their tab in the toolbar.

Microsoft Phishing Filter helps detect potential phishing Web sites and divert visitors away from them in three ways:

-- It compares addresses of Web sites a consumer attempts to visit with a list of reported legitimate sites that is stored on the consumer's computer and updated periodically.

-- It analyzes the sites that people seek to visit for characteristics common to phishing sites.

-- It provides the option to automatically send Web site addresses that a consumer attempts to visit to an online service run by Microsoft Corp. that checks the address against a frequently updated list of reported phishing sites.
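
The three checks and the block/warn outcomes described above can be sketched as follows. This is an added illustration, not Microsoft's code: the list contents, the function names and the specific heuristics are assumptions, since the announcement does not say which page characteristics the filter examines.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data (hypothetical, not Microsoft's lists).
LOCAL_LEGITIMATE = {"www.example-bank.test"}                 # local, periodically updated
REPORTED_PHISHING = {"login.example-bank.test.evil.test"}    # held by the online service

def online_lookup(host):
    """Stand-in for the opt-in online service: True if the host is reported."""
    return host in REPORTED_PHISHING

def suspicious_traits(url):
    """Assumed heuristics; the page does not name the characteristics used."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    traits = []
    try:
        ipaddress.ip_address(host)
        traits.append("ip-literal host")
    except ValueError:
        pass
    if parts.username is not None:
        traits.append("userinfo before host")
    if host.count(".") >= 4:
        traits.append("deeply nested subdomains")
    if host.startswith("xn--") or ".xn--" in host:
        traits.append("punycode label")
    return traits

def classify(url, lookup=online_lookup, online_enabled=True):
    """Return (verdict, reasons) where verdict is 'allow', 'warn' or 'block'."""
    # Compare the parsed hostname, never a substring of the raw URL,
    # so "legit-name@other-host" cannot match the legitimate list.
    host = (urlsplit(url).hostname or "").lower()
    if host in LOCAL_LEGITIMATE:
        return "allow", []
    if online_enabled and lookup(host):
        return "block", ["reported phishing site"]
    traits = suspicious_traits(url)
    if traits:
        return "warn", traits      # user may continue or close the tab
    return "allow", []
```

With the online lookup switched off, a reported site is only caught if the heuristics happen to flag it, and then only as a warning rather than a block.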

Tuesday, August 30, 2005

Arizona State Savings Moves Quickly In Wake Of Attempted Phishing Scam

Unfortunately, a phishing attack against a credit union is nothing to admire. However, the speed and efficiency of the response to one such attack by Arizona State Savings & Credit Union is.

The Arizona State Savings & Credit Union (ASSCU) branch at the University of Arizona was alerted to the problem when students walked into the credit union and reported a suspicious e-mail had been sent to them. Someone had accessed 9,000 state university e-mail addresses and sent a phony message asking for information, according to ASSCU SVP of Planning and Strategic Services Jill Bechard. Bechard said the e-mail asked for the member's name, account number and a credit card number, but not for a social security number. "In the email, was a replica of our website," Bechard said.

In response to previous suspicious incidents, ASSCU staff enacted a step-by-step plan. In only four hours ASSCU quickly shut down nine student accounts, took down its own website, alerted two other state universities to the problem, called the FBI and Secret Service, alerted the media, contacted CUNA and sent e-mail notifications to each of its 42,000 members who are online users.

The Phishing Hole

Phishing has emerged as one of the online world's more frightening scourges. Even at their most irritating, most spammers just wasted your time or left you averting your eyes from scary porn. Phishing scams are worse -- they're attempts to steal your money or even your identity, and they threaten to undermine some of the basic conveniences and efficiencies of the Internet age.

And unfortunately, phishing is going to be with us for some time: The Internet's technical underpinnings date back to when the Net was a preserve of scientists who had no reason not to trust each other, and it looks like the technical overhaul needed to make us less susceptible to phishers will take years to accomplish. In the meantime, what's needed is greater awareness of phishing's dangers, a task that should fall on companies targeted by phishers, Internet-service providers, government agencies, individual users and others.
Wall Street Journal

Monday, August 29, 2005

Brazil Pinches 85 Phishers

Brazilian police have arrested 85 people in connection with a phishing ring that pilfered over $33 million from duped consumers who handed over their online bank account usernames and passwords, the Reuters news wire service reported Friday.

The raid, dubbed "Operation Pegasus," was a multi-state crackdown that involved over 400 police officers and issued more than 100 arrest warrants after a four-month investigation.
TechWeb

Three indicted in major spam case

A federal grand jury on Thursday indicted three people accused of sending pornographic bulk e-mail in a major international spam case, the U.S. Department of Justice announced.

The case centered on allegations that the three distributed bulk e-mail advertising pornographic Web sites and containing explicit images of adults having sex. The unsolicited e-mails may have numbered in the tens of millions, the Justice Department said.
CNET

ID theft sneaks to the top of fears list

We're paying more and more protection money on our financial lives. Identity theft, phishing scams, viruses and worms are turning the convenience of online personal finance into a jungle of security fears. Direct costs to banks and credit companies of computer scams like phishing and other identity theft--ultimately paid by consumers--have mounted to more than $1.2 billion, according to research firm Gartner Inc.

Sales of scanning software for virus protection and other personal computer security products continue to build, especially after massive security breaches in recent months. In one of those breaches, hackers obtained credit card and debit account data on hundreds of thousands of card customers.
Chicago Tribune

Phishers Sinking to New Lows; Scammers Now Impersonate Small Financial Institutions

Don't get me started on spam. But the other day, scanning the dregs of my spam filter, there was this one that stood out from the hundreds of unsolicited commercial e-mails that pitch porn, get-rich-quick schemes, cheap pharmaceuticals, urgent business proposals and sure-thing investments. All no-brainer deletes. Click, click, click.
Washington Post

Thursday, August 25, 2005

Microsoft to Expand Anti-Phishing Tool

Microsoft Corp. will soon make available to the general public a tool for warning users about "phishing" scams that could lead to identity theft. Currently, such a tool comes only with the Internet Explorer 7 browser, which is available in tests only to a select group of developers.

But within a few weeks, Microsoft will incorporate it into a toolbar for older versions of IE. While still officially a test, the anti-phishing tool will be available to anyone running the Windows XP operating system with the Service Pack 2 security upgrade from last summer.
Associated Press/InformationWeek

Wednesday, August 24, 2005

Can Authentication Make The E-mail Highway Safe?

E-Mail Authentication Standards: It’s Like Seatbelts And Airbags
Significant progress has already been achieved as Microsoft Caller ID and Meng Weng Wong’s Sender Policy Framework (SPF) came together under the umbrella of the Sender ID Framework. At the same time Yahoo! Domain Keys joined together with Cisco Systems and its Internet Identified Mail to become DomainKeys Identified Mail (DKIM). However, this has left us with two leading authentication methods vying for dominance.
Messaging Pipeline

Tuesday, August 23, 2005

APWG Report Shows Identity Theft Crimeware Growth Eclipsing Conventional Phishing

The Anti-Phishing Working Group (APWG) today released their July 2005 phishing report. The report shows a slight decrease in conventional phishing attacks but discloses a marked increase in crimeware: malicious software designed to steal identity information for financial crime. In July, APWG researchers have found that phishers are designing systems specifically to neutralize counter-phishing technologies that are being deployed by financial institutions and e-commerce sites.

"The technological contest between phisher and counter-phisher is well and truly underway," said APWG Chairman David Jevans. "It is a contest of escalation."

APWG researchers reported a marked increase in screenscraper technology by phishers, used to counter the graphical keyboard systems that some financial services firms are using to avoid the hazards of keylogging Trojans that phishers use to mine the usernames and passwords directly from the keyboard entry of alphanumerics and symbols. When the user mouseclicks a character on the graphical keyboard, the screenscraper takes a snapshot of the screen and sends it to the phishers' server for inspection, in one example intercepted by the researchers.
Business Wire

Monday, August 22, 2005

Online Pharmacy Spammer Arrested

Christopher Smith's neighbors didn't know exactly what he did for a living. But they knew well that he liked to collect expensive cars and set off fireworks at all hours.

At an age when most of his peers could barely afford a new car, Smith was amassing a collection that would include BMWs, Hummers, a Ferrari, a Jaguar and a Lamborghini. And when other twentysomethings were trying to save for down payments on modest starter homes, Smith paid $1.1 million for a house in a more affluent suburb.

Smith got all that through his successes in massive unsolicited e-mail marketing, authorities say. The Spamhaus Project, an anti-spam group, considered him one of the world's worst offenders.

He was just 25 when the feds in May shut down his flagship company, Xpress Pharmacy Direct, and seized $1.8 million in luxury cars, two homes and $1.3 million in cash held by Smith and associates.
InformationWeek

Anti-porn spam laws to shield kids backfire

Laws in two states to shield children from objectionable e-mail are having a chilling effect on nearly everyone but the spammers they were intended for.

The laws in Michigan and Utah create e-mail registries to prevent children from viewing adult-oriented messages. But the laws, both barely a month old, threaten to disrupt businesses nationwide, marketers and legal experts say.
USA Today

Thursday, August 18, 2005

Constant Struggle: How Spammers Keep Ahead Of Technology

Efforts to use automation to outsmart spammers and crooks online have had spotty results. Often it's because spammers keep coming up with new tricks to work their way around anti-spam technology, forcing the good guys to continually play catch-up.
Information Week

Seller of AOL List Gets Prison

A former America Online Inc. engineer who sold 92 million stolen e-mail addresses to an alleged spammer was sentenced Wednesday to 15 months in prison, but spam fighters said the punishment was too lenient to stem the flow of junk messages.

Jason Smathers, 25, pleaded guilty in February to hacking AOL's customer database and selling the e-mail addresses of customers for $28,000. His case was among the first prosecuted under the federal anti-spam laws that took effect last year.
LA Times

Friday, August 05, 2005

It's a bull market for stock spam

The volume of stock scam spam has risen, posing a new threat to investors, warns a new study from network security firm Sophos.

Though traditional spam categories--medication, mortgage and pornography--continue to dominate, new ones such as stock scams are growing, according to the study, which covered the first six months of 2005.
CNET