Companies whose names frequently are used in phishing schemes – such as eBay and Wells Fargo – and security vendors – such as RSA Security – voluntarily contribute URLs they have identified as bogus to the reporting network, said Dave Cole, director of Symantec Security Response.
Symantec collects the data, vets the URLs to determine if they are fraudulent and then distributes the information to paying members, who typically include internet service and email providers, Cole said. Companies pay a $50,000 annual fee to subscribe.
The service will help companies protect their brand image, shield customers from cybercriminals and aid in their ongoing anti-fraud efforts, Symantec said in a statement announcing the new service.
Cole said several efforts exist for the reporting of phishing attacks, including the well-known Anti-Phishing Working Group, but none provide a central location that confirms the validity of fraudulent URLs.
And according to Symantec's most recent Internet Security Threat Report, the number of phishing attempts is rapidly growing. The report identified 7.92 million daily tries in the last half of 2005, an increase of 5.7 million attempts per day from the first half of '05.
"Preventing cybercrime is a top priority for Symantec," said Arthur Wong, vice president of Symantec Security Response and Managed Security Solutions. "Symantec is taking an active role against phishing attacks and online fraud by hosting and continuing the Phish Report Network.