Tech Coalition is Formed to Stop Phishing

Phishing emails are a huge problem and one that numerous attempts to rectify have so far failed to achieve.  Now a large group of tech companies have joined forces with a start-up company called Agari to try and stop phishing emails from even reaching your inbox.

Microsoft, Google, AOL, Yahoo! and other firms have all joined forces on the project so they can share information from phishing emails.

This data will be analyzed by Agari to see how phishing attacks can be identified and prevented.  The company has actually been in operation since 2009 and helps protect over 1 billion email accounts from these types of attack.

The company already collects data from around 1.5 billion emails a day, though they don't collect the actual email messages.

Instead the company just passes on malicious URLs in the messages to the relevant companies who's name is being used in the phishing message.  Google said it expects the new arrangement to benefit Gmail users as more mail senders will now be authenticating email and implementing common phishing blocking policies.

Cnet reported that Daniel Raskin, the vice-president of marketing for Agari said...

"Facebook can go into the Agari console and see charts and graphs of all the activity going on in their e-mail channel (on their domains and third-party solutions) and see when an attack is going on in a bar chart of spam hitting Yahoo.  They receive a real-time alert and they can construct a policy to push out to carriers (that says) when you see this thing happening don't deliver it, reject it."

Phishing emails aren't just a nuisance, they cost businesses millions every year in credit card insurance payouts, a cost which is inevitably passed on in interest charges.  The sophistication of phishing messages, which purport to be from a bank, business or website asking you to log in to confirm your security details, or offering you a fantastic deal that doesn't really exist, again to get your personal details including those for your credit card.

The simple rule is that no bank, company or website will EVER email you asking you to log in and confirm your details.  Modern web browsers will highlight the actual domain name for the site you are visiting, for example PayPal.com and you can see if you are being diverted to a different domain.  The best rule is that if you receive an email purporting to be from, say Bank of America, then never click on the link.  Instead manually go to the bank or company's website and log in yourself.

Agari says they have been operating in "stealth" mode for the last few years to as to try not to attract too much attention to their work.  Currently they analyze 50% of all email traffic in the US.  Cnet say...

The company aggregates and analyzes the data and provides it to about 50 e-commerce, financial services and social network customers, including Facebook and YouSendIt, who can then push out authentication policies to the e-mail providers when they see an attack is happening.

This new alliance forms no guarantee that phishing emails will be eradicated, and it is still up to the end user to use caution when opening any suspicious email.

Advertisement