TippingPoint Technologies Inc. this week introduced a network-based, anti-phishing filter that blocks sneaky scams before they start, and if that fails, it enables a number of hurdles to sink the scheme.
The filter, sent out this week as a digital vaccine to TippingPoint's Intrusion Prevention System (IPS), works at the network level to detect and prevent phishing scams from reaching end users.
According to statistics from Stamford, Conn.-based Gartner Inc., nearly 2.5 million people last year reported losing money to phishing attacks, with losses totaling roughly $929 million. The Anti-Phishing Working Group's Web site indicates that it received 14,135 reports of phishing scams in July 2005 and that, in the same month, 71 brands were hijacked by phishing campaigns.
Tod Beardsley, lead counter-fraud engineer for Austin, Texas-based TippingPoint, a division of 3Com Corp., explained that the new filter picks up where other anti-phishing software falls short by targeting all phases of the phishing process.
TippingPoint's IPS is hardware based and can plug into the perimeter or core of a corporation's network. The anti-phishing filter is a free upgrade for IPS customers, Beardsley said.
"It's going to be a nice enhancement to their IPS product," she said. "It's another layer of the security you want in the network. It's not something an admin has to deal with; it blocks [phishing campaigns] at the source."
In a typical phishing expedition, a phisher finds flaws and vulnerabilities to compromise a legitimate organization's Web site or server. Using that information, a phishing site is developed and a mass e-mail is sent out to draw traffic to the bogus site. The user, unaware that the site is a fraud, clicks on the URL and views the phishing site. In some instances, the fraudulent site looks so real the user submits personal, financial and account information, which phishers use to steal the user's money or identity.
The filter thwarts attacks at the following levels:
- It guards vulnerabilities against exploitation to thwart the initial Web site or server compromise.
- Using behavior-based filters, content inspection and pattern-matching signatures, it blocks mass phishing e-mails.
- If the e-mail slips through and the recipient clicks on the misleading URL, the filter evaluates the URL to determine if it is linking to a real or phony site. If the site is bogus, it too is blocked.
- If the site is displayed, the filter inspects its content for exploited vulnerabilities and uses behavior-based filters to look for signs of forgery.
- Finally, if the user is tricked and gets all the way through and tries to submit an account number to a suspected phishing site, the transfer of information is blocked.
"We're OK with failing one or two phases along the way, because we're going to pick it up further down the line," Beardsley said.
Laura Craddick, TippingPoint's public relations manager, said the system is designed to prevent phishing campaigns from ever starting, not to identify them and alert the user, like other filters do.
"Unfortunately, by the time you alert somebody, it's already too late," Beardsley said. "It's important for us to be preventative. When we block, we block for real."