April 21, 2005 - (HOSTSEARCH.COM) - America Online today announced a major new initiative to combat “phishing” -- the practice of using fraudulent e-mail and fake web sites to solicit sensitive personal information from users. As part of that campaign, America Online has partnered with Cyota, Inc., the leading anti-fraud and online security solution provider for financial institutions, to help identify and block access to suspected phishing sites through a 24-hour-a-day, 7-day-a-week monitoring process. AOL is also working internally and with other partners to identify and block phishing sites.
This effort supplements the other steps AOL has taken to help protect its members against phishing, including spam blocking, cooperation with law enforcement, member education, and tools like AOL Money Alerts, AOL Passcode, and AOL Official Mail.
"Phishing and identity theft are the fastest-growing security threats online, and we will work around the clock to protect our members with the tools we have available,” said Tatiana Platt, AOL Senior Vice President and Chief Trust Officer. “By limiting our members' access to suspected phishing sites, we're trying to cut the lines before a phisher can reel them in and steal sensitive financial and personal information. And we're just getting started. Over coming months, we'll continue to roll out new and stronger technological and legal defenses against phishers, scammers and identity thieves."
America Online is working with Cyota to evaluate potential phishing sites based on member feedback through its "Report Spam" button and through other sources. When a possible phishing site is identified, AOL limits access to the site though the AOL client and informs any member who attempts to visit it that it is suspected of being a dangerous site. In addition to sites that fraudulently attempt to spoof pages of the AOL service, America Online is working to block access to fraudulent web sites imitating other legitimate companies like banks, credit card issuers, online auctions, and online payment facilitators.
“Our customers – some of the world’s largest banks – look to Cyota to fight fraud and partner with industry leaders to help protect their assets, brand and accountholder’s interests,” said Amir Orad, Cyota Executive Vice President of Marketing. “As the world’s largest Internet service provider, America Online is already a driving force in the fight against online crimes. Together, Cyota and America Online will strive to mitigate the damages of phishing and e-mail fraud against banks, their accountholders and AOL members.”
In addition to the effort announced today, AOL has also deployed a range of other tools and strategies – both visible and behind-the-scenes – to help protect members from phishing scams. Among those:
AOL Official Mail: AOL created – and remains the only ISP to use – a different color, icon, look, and feel to identify legitimate official e-mail correspondence from the company. "AOL Official Mail” has a unique icon in the members' mailbox, a different color when opened, and special branding at the top to differentiate it from scams and phishing attempts.
Spam/Phishing Blocking: As part of spam fighting efforts, AOL uses a variety of methods to block unusual quantities or types of e-mails that pass through AOL's servers. As phishing is generally done via mass e-mail attacks, those spam controls also block many phishing attempts.
AOL PassCode: The AOL PassCode device is offered as a premium service that allows members to add a second level of corporate-strength authentication to their accounts. The keychain-sized token creates and displays a unique 6-digit code every 60 seconds that the member must enter to access their account.
AOL Money Alerts: AOL Money Alerts notify members of unusual account activity on their registered bank accounts or credit cards. Members can choose a transaction size on each account for which to be notified and will then receive an alert via e-mail, IM, cell phone or wireless device if that limit is exceeded. Money Alerts can offer an early warning system of possible identity theft or phishers attempting to use an account.
Member Education: AOL has placed messaging to members on every e-mail and on every IM window that lets them know that AOL staff will never ask for their password or billing information. AOL has also created a special area of the service through Keyword: Phishing to help inform members about useful tips and alert them to scams. Also, AOL recently launched new Security Alerts to regularly update members who choose to receive them about new phishing attempts and other scams.
AOL and Cyota are also working to evaluate and deploy other joint technologies and share information in order to better detect and respond to phishing attacks. Cyota has developed an array of anti-fraud solutions, including its FraudAction anti-phishing solution, which is provided to banks and financial institutions worldwide. FraudAction detects phishing attacks, shuts down phishing sites, performs forensic work and works with banks and law enforcement agencies to prevent future attacks. Cyota’s array of anti-fraud solutions are currently in use by eight of the top 12 banks in the US and the UK, and thousands of other financial institutions around the world.
