
Free software sniffs out phishy Web sites

Consumers worried about falling for Internet scams will soon be able to download a free software tool to protect themselves. On Monday, EarthLink will unveil ScamBlocker, a program designed to spot imposter Web sites used in the identity theft schemes known as "phisher" scams.

Such scams can be hard for users to identify because the fake Web sites often look exactly like legitimate corporate Web sites for financial institutions such as Citibank, or e-commerce firms such as eBay. EarthLink's program will work with browser software to determine whether a site is fair or foul -- similar to the way that antivirus programs work with e-mail software.

With ScamBlocker installed, users who click on an e-mail link to a Web site that has been reported to be fake will instead be directed to an EarthLink site with a warning explaining that the site is suspect. Users can click on links to learn more about phishing or continue on to the imposter site if they wish.

The software, which will appear as a toolbar across the bottom of a user's screen and includes other features such as pop-up blocking, will be free to all Internet users, not just EarthLink customers.

"We get 40,000 calls a month from people asking about these phisher e-mails," said Scott Mecredy, EarthLink's senior project manager for the software. "That can spark an interest in solving the problem."

EarthLink decided to make ScamBlocker free to all Internet users, not just its own customers, because it won't work unless it has wide distribution and wide cooperation among Internet companies, Mecredy said.

"If you get 'phished,' you are less likely to do all kinds of things online," Mecredy said. "And that's bad for everyone. The broadest distribution possible offers the best protection."

As with antivirus software, EarthLink's system won't be foolproof. In order to block users from accessing a fake site, the firm must first receive a report of the troublesome Web page, and verify it. Then it must send updates to all users, adding the site to a so-called black list.  Updates will happen every two hours, giving the criminals at least that much time to steal from users.
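The report, verify and update cycle described above, together with the warning redirect mentioned earlier in the article, sketched as an added example. This is not EarthLink's code: the class and function names, the host and the timeline are constructed for illustration, and exact-host matching is an assumption.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

UPDATE_INTERVAL = timedelta(hours=2)  # update cadence stated in the article


def normalize_host(url):
    """Lower-cased host without a trailing dot, so trivial variants still match."""
    return (urlsplit(url).hostname or "").rstrip(".")


class BlocklistClient:
    """Hypothetical client: holds the host list from its most recent update."""

    def __init__(self):
        self.hosts = set()

    def sync(self, server_list, now):
        # The server only publishes entries it has verified by `now`.
        self.hosts = {h for h, verified in server_list.items() if verified <= now}

    def decide(self, url):
        # "warn" = redirect to the warning page; the user may still continue.
        return "warn" if normalize_host(url) in self.hosts else "allow"


def first_blocked_at(verified_at, first_sync, interval=UPDATE_INTERVAL):
    """First scheduled client update at or after the entry was verified."""
    if verified_at <= first_sync:
        return first_sync
    cycles = -((first_sync - verified_at) // interval)  # ceiling division
    return first_sync + cycles * interval


# Constructed timeline: lure e-mail sent 09:00, site verified as fake 10:05,
# clients update at 08:00, 10:00, 12:00, ...
DAY = datetime(2000, 1, 1)
FAKE_HOST = "login.bank-example.test"  # constructed host on a reserved TLD
SERVER_LIST = {FAKE_HOST: DAY.replace(hour=10, minute=5)}
LURE_SENT = DAY.replace(hour=9)
FIRST_SYNC = DAY.replace(hour=8)


def exposure_window():
    """Time from the lure being sent until clients start warning."""
    return first_blocked_at(SERVER_LIST[FAKE_HOST], FIRST_SYNC) - LURE_SENT
```

With this timeline the entry is verified five minutes after the 10:00 update, so clients keep allowing the site until 12:00, which is the gap Jevans's "near real-time" remark is about.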

"In two hours a lot of people can get tricked," said Dave Jevans, chairman of the Anti-Phishing Working Group, a consortium of companies studying the phishing problem. "For it to really work well, you'll have to be at near real-time processing."

Still, said Jevans, EarthLink should be commended for developing the tool, and offering it for free. "We are glad to see people doing proactive things," he said. "Anybody who is making a solution and has ability to deploy it, that's good."

Attacks jump 43 percent
The number of phishing attacks continues to skyrocket. Statistics to be released by the Anti-Phishing Working Group next week indicate there was a 43 percent increase in phisher e-mail attacks from February to March. Nearly 13 different e-mail scams were initiated each day in March, according to the organization, with eBay the most popular target.

At the moment, EarthLink's black list will be populated mostly by complaints from EarthLink users, Jevans said, limiting its effectiveness, though the company is actively soliciting lists of suspicious sites from other Internet firms. At launch, EarthLink's list will be bolstered by contributions from eBay, which maintains its own list of fake eBay and PayPal sites. Eventually, antispam firm Brightmail will also contribute sites for the black list.

In February, eBay began offering its own antiphishing software tool, called Account Guard.  Users see a flashing red button on the bottom of their screen if they visit a fake eBay site, and a flashing green button when they are on a legitimate eBay site. Several hundred thousand people are using the tool, eBay spokesman Hani Durzy said.

"We do believe companies should be working together to help solve this problem," Durzy said, adding that it's too early to tell how well the eBay tool is working.

The idea for EarthLink's tool grew out of the company's abuse group, Mecredy said. Workers there were frustrated when they had confirmation that certain Web sites were stealing from consumers, but could do little to stop them. The only way to fight back -- convincing the Internet provider which hosted the site to remove it -- could take hours or even days.

"We were forced to sit and watch as we found a phisher, and watch people fall for it," Mecredy said.  "It didn't make sense to send out e-mails saying, 'Ignore that other e-mail.' "

So in December, the group decided to develop a product that could automatically communicate a list of known phisher sites to Internet users.

The free ScamBlocker includes a limited version of EarthLink's pop-up blocker, along with a search tool powered by Google and an antispyware program called SpyAudit. The tool will be available for download beginning Monday at EarthLink, CNet's and