New anti-phishing database starts in July

gallery

A new database that will allow organisations to share information about phishing email scams will be operational by July this year, according to the Anti-Phishing Working Group.

After two years of development, the new database will feature details of phishing incidents recorded an XML format called the Incident Object Description Exchange Format (IODEF) XML Schema. This schema is expected to be ratified as an IETF standard very soon.

According to experts, the new database will allow phishing websites to be tracked more easily.

"Phishers are a constantly evolving threat to computer users, and any move to crack down on them is always welcome," said Mike Dodson, technical director at email security company Mirapoint. "This new initiative from the APWG means that phishing sites will be easier than ever to track and destroy, with fraudulent activities measurable in hours rather than days."

But Dodson warned that this database alone would not stop phishing gangs.

"It won't stop them in the short term from continuing to send out scam emails. This initiative would be even more effective if it was occurring in tandem with a similar concerted action from, for instance, the banks themselves," he said.

Dodson said that if banks adopted and promoted a unified code of conduct regarding email policy - clearly stating how they intend to communicate with their customers - then phishers would "quickly run out of victims."

"However, the slew of competing policies currently in place just allows phishers to take advantage of this confusion," he added.

Email to a friend

Print this page