WholeSecurity launches Web Caller-ID anti-phishing system

Source: WholeSecurity

WholeSecurity, the leading provider of behavioral, on-demand endpoint security solutions, today introduced Web Caller-ID, the first browser-based solution to behaviorally detect new phishing attacks and spoofed websites designed to steal online identities.

Web Caller-ID enables companies to protect their customers at the moment they could divulge personal information - when they are in their browser accessing a malicious site.

"Given the increasing intensity of phishing attacks, it becomes imperative to detect and block previously unknown sites via browser-based solutions like toolbars," said Howard Schmidt, former White House cybersecurity advisor and current chief information security officer, eBay. "By integrating Web Caller- ID's behavioral detection into the browser, online companies can automatically protect their customers from previously unknown spoof sites without requiring frequent blacklist updates."

A Big, Expensive Problem Grows:

Phishing/site spoofing involves a simple form of social engineering capitalizing on consumers' innocence and belief in the credibility of e-mail, particularly when the communication appears to be sent from a known, trusted brand. A standard attack begins with a "phishing" e-mail designed to lure a user to a false version of a trusted Web site via a URL address embedded in the email. Once users are on the spoof site, they unwittingly divulge personal information, such as passwords or credit card numbers. Since the problem is escalating and impacting their profitability, companies are now taking responsibility to extend effective protection to their millions of online customers.

An April 2004(1) Gartner survey indicates an estimated 57 million American adults were exposed to phishing attacks over the last twelve months. 19 per cent of those attacked confirmed they had clicked on the URL link to a spoof site embedded in the email.

Avivah Litan, vice president and research director, Gartner Inc. adds, "Phishing attack victims lost $1.2 billion to identity theft fraud in the twelve months ending April 2004, and U.S. companies bore most of these costs. 92 percent of the attacks have occurred within the last year, so companies have a growing sense of urgency to implement solutions to combat the escalating threat, lower fraud losses and maintain customer confidence."

Zero-Hour Protection:

Solutions that rely on blacklists alone for protection against previously reported, investigated and published spoof sites are quickly outdated and consequently leave companies vulnerable to unreported or new spoof sites. WholeSecurity's Web Caller-ID can detect spoof sites in plug-ins that are integrated into browsers or toolbars or via parsing e-mail streams like spam. To deliver zero-hour protection against phishing attacks, Web Caller-ID uses an unprecedented behavioral detection method. Unlike blacklist only solutions, Web Caller-ID identifies previously unknown spoof sites based on their characteristics and prevents users from accessing them in real time. Web Caller-ID is designed to help companies experience fewer account takeovers, reduce fraud losses and increase member confidence in online commerce and marketing activities.

"WholeSecurity's offering exemplifies the serious attention the IT vendor and e-tailer communities are giving to the emerging threat of online identity theft," said Harris N. Miller, president of the Information Technology Association of America. "ITAA is leading the formation of the Online Identity Theft Coalition, a cross-sectoral group working to stay ahead of online fraud, through public awareness, technology innovation, information sharing, and public policy. Coalition members, including WholeSecurity and eBay, are setting the example for IT vendors and users alike to take aggressive steps to keep online commerce safe and growing."

Organizations including banks, credit card companies and online retailers can leverage the Web Caller-ID technology in one of two ways:
(1) Via an easily-downloadable browser plugin that automatically prevents consumers from entering illegitimate web sites, and
(2) Via a specialized email processing service that enables spoof site reporting and blacklisting.

"With the addition of Web Caller-ID to our existing suite of behavioral endpoint security products, WholeSecurity is now the only company with solutions that enable online enterprises to offer 'zero-hour' protection for employees, partners and customers against the two major online identity theft threats - eavesdropping programs and phishing attacks," furthered Peter Selda, CEO and president, WholeSecurity, Inc.

Key Web Caller-ID Features:
"Zero-Hour" Spoof Site Detection
  • Provides detection of new and unreported spoof sites without requiring blacklist updates
  • Performs complete site analysis across multiple behavioral categories in milliseconds
  • Detects sites in either the user-facing browser plug-in or by parsing any e-mail stream (e.g., spam or complaint messages)

    Browser-based Consumer Protection
  • Protects users when they are in their browser - the critical point where they could divulge personal information
  • Deploys as a stand-alone browser plug-in or integrates into existing toolbars (i.e. eBay Toolbar with Account Guard)
  • Downloads and caches automatically in a matter of seconds via ActiveX
  • Evaluates every site the user accesses for suspicious behavior without impacting browser performance
  • No rebooting, user configurations or manual updates required
  • Includes multiple defensive mechanisms to detect activities designed to attack the product or bypass detection

    Unified Management Console
  • Secure, browser-based management console allows administrators to view and confirm spoof sites, tune the system for their own sites and file DMCA notices to shut down fraudulent web sites
  • Provides a single, complete view into spoof sites detected via the browser plug-ins and e-mail streams
  • Reports critical information about phishing attacks, such as the number of active sites, number of sites detected in configurable time periods, most reported sites and sites that have been active the longest.
  • Comments: (0)