New system for reporting net fraud
Microsoft has teamed up with the National Cyber-Forensics and Training Alliance (NCFTA) and several other organisations to form Internet Fraud Alert, a system designed for reporting and recovering account credentials that were stolen online.
The other companies participating in the new scheme are Accuity, the American Bankers Association, the Anti-Phishing Working Group, Citizens Bank, eBay, the Federal Trade Comission, the National Consumers League, and PayPal.
Microsoft has developed new technology specifically for this program which will swiftly inform any of the above companies about stolen account details, allowing the insitutions to take the necessary action to lock or close accounts and inform customers of the fraud.
Researchers working for the security industry have been spotting stolen credentials on the internet for ages, but there is no single system in place for reporting them to the relevant bodies. Internet Fraud Alert is intended to bridge the gap and ensure that phishing attacks and other means through which people's credentials are stolen are spotted and dealt with as early as possible.
Phishing attacks are on the rise, with over 410,000 unique phishing e-mail reports received by the Anti-Phishing Working Group in 2009 alone. With the Internet Fraud Alert system in place that means a substantial number of people's details will be reclaimed as soon as the fraud is discovered - in theory.
TechEye talked to Graham Cluley, Senior Technology Consultant of Sophos, about the new endeavour. He believed it was "a great initiative", saying that he "hoped the new system will make it easier to report securely information about online fraud and share data with the relevant authorities and institutions when stolen information is stumbled upon by security researchers."
"Our hope is that systems like this will help to shut down security holes quickly and limit the amount of information about innocent individuals that cybercriminals are able to steal," he added.
However, he was quick to state that users should not rely solely on this as a defence against online fraud. "Both consumers and online businesses have to invest in protection mechanisms to reduce the threat - but this initiative certainly has a part to play."