This is Google's cache of http://www.eweek.com/article2/0,1759,1560271,00.asp as retrieved on Apr 2, 2004 09:20:32 GMT.
Tech Tools Try to Derail Scammers
By Anick Jesdanun, AP Internet Writer


NEW YORK—As Internet scams, also known as phishing, proliferate, companies are sharpening technological tools to counter them. Education alone, many agree, isn't enough.

Anti-phishing software is apt to soon be added to the arsenal of digital shields forged to stop spam, viruses and hacking. Security companies are also building tools for banks and merchants to use behind the scenes.

Phishing scams have been around for years but have in recent months become more numerous—and sophisticated.

Scammers now copy and paste Web coding from real sites such as Citibank's to give their fraudulent messages and the sites they lead to an aura of authenticity.

They register Internet addresses that look real, subbing the letter "l" with the numeral "1," for instance. A few messages even carry ads for that aura of authenticity.

Mark Nichols runs an online gift shop and considers himself Internet savvy. Yet like so many other Web surfers, he got duped by an e-mail scam anyhow.

A message saying it was from eBay Inc. asked Nichols to submit his password and other personal information to a Web site. The e-mail had arrived shortly after Nichols' credit card had expired, so he didn't suspect the site was phony.

"I was thinking, 'You're right, I do need to go update my account,' and sure enough, I fell for it," said the Crosby, N.D., man.

"What used to be a game and a prank has now been recognized as something that can be lucrative and has attracted organized efforts," said Bill Harris, chairman of PassMark Security LLC and former chief executive of PayPal, a frequent phishing target.

The Anti-Phishing Working Group, formed in October by industry and law enforcement, identified 282 new phishing scams in February, up from 176 a month earlier. About 70 percent have been traced to eastern Europe or Asia, said David Jevans, the group's chairman.

A 19-year-old Houston man now faces as many as 15 years in prison after pleading guilty to opening accounts and making purchases using information captured through phishing. For the most part, however, techniques scammers use and their locations abroad make them difficult to catch.

Jevans said no hard numbers are available on monetary losses from phishing, which represents only a sliver of overall fraud. The greater cost, he said, is in consumer confidence: Banks might suffer if customers shun online banking and insist on using more expensive tellers.

In Nichols' case, he realized his error early enough, so he quickly changed his eBay password. But the scams can be costly.

To fight back, eBay in February added an Account Guard feature to its toolbar for Microsoft's Internet Explorer browser. A green light appears when users are on a site run by eBay or its PayPal subsidiary. The light goes red for known fraudulent sites. A warning also appears any time users try to enter their eBay or PayPal passwords elsewhere.

Rob Chesnut, eBay's deputy general counsel, said the company went with technology because education was a tough proposition.

"It's quite easy for spoofers to create a page that looks like an eBay or PayPal page, so you can't teach users about the look of a page," he said.

PostX Corp. takes a similar approach, displaying green when e-mail has been digitally signed and verified, red when it shows signs of fraud. Others carry yellow.

The company's plug-in tools for browsers and e-mail programs, slated for release by June, will look for four basic phishing techniques, including a Web address that appears on-screen as one thing but has a different site embedded in the link.

In mid-April, EarthLink Inc. plans to release a toolbar of its own to block users from fake EarthLink sites. The list of bad sites will be automatically refreshed every few hours.

The numerous efforts can foster confusion. Which toolbar works for which scam? What color light do I trust?

Yahoo! Inc. and Microsoft Corp. are developing broader systems for authenticating e-mail, but that will take time.

Chesnut expects greater cooperation sooner.

"Right now, this is the infancy," he said. The goal will be to produce a single toolbar that does the job. "It doesn't make any sense for somebody to have 20 toolbars on the system."

Beyond toolbars, PassMark plans to offer a password imaging system later this year. A banking site could subscribe to PassMark and randomly assign each customer a different image, such as a cat. Customers would be instructed never to trust a site purportedly from that bank unless the personalized image appears.

In recent months, e-mail management company MessageGate Inc. added technology to analyze e-mail headers for mismatches, such as a message that claims to be from Bank of America but got routed through a Russian mail server. Digital Envoy Inc. has a similar offering out this spring.

In February, MailFrontier Inc. added fraud protection to its spam-blocking software for the desktop. Gleb Budman, senior products director for the company, said phishing is trickier than spam to combat because messages look so real.

Before the fraud folder existed, Budman said, many users retrieved phishing messages from their spam folders, thinking the software had made a mistake.

E-mail users flooded with phishing scams welcome the efforts, though many remain skeptical.

"You create technology to prevent that, but hackers and the bad guys are just going to one up you," said Don Bangert III, a freelance programmer in Granite Falls, Wash.

Jeffrey Guilfoyle, a vice president at security company Solutionary Inc., said that while technology offers a quick fix, "from a longer-term perspective, education of the user base is really the only way to do that. Technology is always lagging."

Copyright 2004 Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

     