Symantec launches antiphishing service

Symantec Corp. is fishing for dollars with a new service designed to help companies combat the ongoing epidemic of online identity theft, or "phishing," scams.

The antivirus software giant was set to announce on Monday a brand protection service that will use the company's global network of researchers and its desktop software to help companies identify and thwart online scams that use their names to trick unsuspecting customers.

Phishing scams are online crimes that use spam to direct Internet users to Web sites that are controlled by thieves but designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, Social Security number, bank account or credit card number, often under the guise of updating account information.

The Online Fraud Management Solution is a package of services that Symantec, of Cupertino, California, will market to financial services companies. As part of the service, Symantec will use a global network of probes and decoy e-mail accounts to collect, analyze and identify new phishing scams targeted at Online Fraud Management customers.

When new scams are identified by Symantec researchers, they will create filters that block the fraudulent messages associated with those scams. Those filters will be automatically deployed to consumers who use Symantec applications such as Norton AntiSpam and Norton Internet Security, Symantec said.

The company will also notify the Online Fraud Management customer named in the scam e-mails so it can work with law enforcement to get the phishing Web site shut down, Symantec said.

Symantec is also providing Online Fraud Management customers with access to a "user-friendly resource center" with content that will help them educate their customers about Internet security threats and with links to products and information to help them assess their computer's security exposure and protect it from attack, Symantec said.

Consulting services to provide assessments and help with implementation are also included in the program, Symantec said.

Online fraud and identity theft scams are a growing problem. The Anti-Phishing Working Group, an industry association made up of representatives from the high-technology industry and law enforcement, identified more than 1,400 unique phishing attacks in June, the most recent month for which statistics are available. Incidents of such attacks are growing at an average monthly rate of more than 50 percent, the group found. (See: http://www.antiphishing.org/APWG_Phishing_Attack_Report-Jun2004.pdf.)

The scams have also attracted attention from the U.S. government. In August, U.S. Attorney General John Ashcroft announced 103 arrests in Operation Web Snare, a huge U.S. Department of Justice (DOJ) action against online fraud and other Internet-related crimes. The operation included 160 investigations across the U.S. for a variety of Internet-related crimes, including phishing attacks.