Symantec launches antiphishing group

Symantec on Monday announced the formation of a group of security companies, financial institutions and Internet retailers that are banding together to help fight phishing.

Called the Symantec Phish Report Network, this group was initially formed by antiphishing vendor WholeSecurity, which Symantec acquired last September. Symantec modified the terms of membership and is relaunching the network with the participation of RSA Security, eBay, PayPal, Wells Fargo and Yahoo.

The network consists of senders, those who submit fraudulent Web site addresses that Symantec investigates and confirms are phishing sites. Symantec then distributes that information to recipients who use the information in their products to block users from visiting fraudulent Web sites.

Senders benefit from this network by reporting URLs that may be trying to trick their customers by posing as banking or retail sites. Recipients benefit by receiving vetted, up-to-date information about fraudulent sites that they can update their security products with, says David Cole, director of Symantec's security response.

Phishing attacks -- where fraudsters send e-mails that point recipients to bogus Web sites asking them to enter financial information that is then stolen -- have hit an all-time high this year, according to the Anti-Phishing Working Group (APWG), of which Symantec is a member. In March, the group received 18,480 phishing reports -- a record high -- and discovered 9,666 fraudulent Web sites.

Phishers appear to be sharpening their targets of late. In March, only 70 unique brands were spoofed, compared to a high of 121 in December of 2005, according to APWG. And, for the first time in months, a bank was the most phished brand in March, the group says.

Symantec will act as the "backbone" of the new network, using its operation center to confirm that reported sites are indeed fraudulent, and dispersing that information to network members in the form of updates. Because this requires some effort on Symantec's part, it will charge a nominal fee to members who opt to receive information from the network, Cole says. When WholeSecurity ran the network, the company charged both senders and recipients.

With the inclusion of companies such as RSA, which acquired antifraud company Cyota that focuses on the financial industry, Cole says the Phish Report Network will benefit by receiving information from many sources.

"RSA and Cyota are very important members because of their financial institution data,' says Cole.

Before the relaunch of the Phish Report Network -- when it was still being run by WholeSecurity -- there were 200 to 300 fraudulent Web sites being reported per day, says Cole. Now, with more sending companies contributing to the network, Symantec expects the network will report much larger volumes, he says.

Symantec will use the information gathered from The Phish Report Network in its own products, including it e-mail security gateway software and appliance that scan incoming e-mail messages for threats. The company says that it will make access available to the network from competitors in the e-mail security market, including companies such as Postini, IronPort, CipherTrust, and MessageLabs.