CipherTrust helps firms spot phishing and spoof sites


A new online resource promises help against online fraud, and analysts say security strategies need a rethink

Email security firm CipherTrust has released a new online resource to help firms combat phishing and brand-spoofing attacks by alerting them when their sites are being illegally imitated.

Phishregistry.org monitors the content of legitimate sites via Phisherprinting similarity-matching technology. When it finds a spoofed site, it alerts the legitimate company, which can then warn customers and tell the appropriate authorities so that the site can be shut down.

"We're asking [firms] to register their legitimate web sites and where they come from, and then we can overlay that with the information of when someone is [spoofing] that site," said CipherTrust's David Stanley. "Phisherprinting technology can identify the telltale, fingerprint signs that show they are not [the real] site."

Fraudulent emails and phishing sites are increasingly professional, making it more difficult for users to tell the real from the fake, Stanley added.

"What a person won't see is what lies beneath [the fraudulent site]," explained Stanley. "We can look beyond the features sitting on the screen into what's really going on [underneath]."

The new resource will help firms reduce losses from phishing attacks and fraud and will encourage consumer confidence in e-commerce sites, Stanley predicted.

Andy Kellett of analyst firm Butler Group welcomed this anti-phishing resource but questioned whether the resulting weekly alerts would be frequent enough. "It seems a little laid back to me… [and] most big companies already have facilities in place to tell them when [phishing attacks] happen," he added.

Phishregistry.org is available free of charge through the CipherTrust Research Portal alongside TrustedSource.org and SpamArchive.org, CipherTrust’s flagship resources to prevent spam and online fraud.

In related news, a leading security expert said IT security chiefs need to combat web-based attacks by developing strategies that involve all parts of their organisations.

Dan Hubbard, senior director of security and research at internet security firm WebSense, said that firms face a growing threat to their reputations and finances due to zero-day attacks, malicious web sites that steal passwords, and other dangers. To reduce the threat, IT security chiefs should work with colleagues across their organisations to mitigate risks, he argued.

"Security chiefs need to involve legal, marketing and of course the finance departments," said Hubbard. "Security [staff] are usually very technical and not good sales people, but they need to translate the security problem into a business problem at [board] level."

Marketing departments and offshoring projects are often weak points for security, said Hubbard. He added that human resources staff could improve protection by conducting background checks on staff who have access to sensitive documents. Meanwhile, the PR department should develop a strategy to minimise damage to the organisation's reputation if an attack takes place.