EarthLink’s No Phishing Buddies

EarthLink plans to halt phishing expeditions with a free toolbar that warns Internet users away from sites that want to steal their info.

On Monday, EarthLink is expected to launch ScamBlocker, a free downloadable toolbar that automatically inserts itself into Microsoft’s Internet Explorer. The toolbar is a benefit to users and also to the Atlanta, Ga.-based ISP said; keeping its name top of mind and top of the browser.

Phisher sites are online scams that trick Internet users into giving personal information by mimicking real corporate Web sites. According to the Anti-Phishing Working Group, 282 new phishing scams were introduced in February, up from 176 a month from January.

EarthLink’s abuse department finds out about new phisher attacks when customers and industry coalitions such as the Anti-Phishing Working Group report them, said EarthLink senior product manager Scott Mecredy. It also runs dummy accounts to attract scams. Working with the phisher’s Internet hosting service could be a lengthy process, he said. But by last year, systems and agreements were in place to shut down the sites quickly.

“In the very beginning, phishers weren’t easy to take down,” Mecredy told “Now… the phishing sites are looking more real, and they’re moving to international hosts.”

Because they’re overseas in places like Romania, they tend to stay up longer, Mecredy said. And that makes them vulnerable to being placed on blocking lists.

ScamBlocker installs a client on the user’s hard drive that performs a local scan of URLs as the browser requests pages. If they match a locally stored, encrypted list of suspect sites, the client refers to EarthLink’s servers for the most recently updated list, maintained by anti-spam software maker Brightmail, eBay and EarthLink. If the URL is a known phisher, the user is redirected to an EarthLink-generated Web page with info about phishers and other online scams. The companies found that updating the list every two hours provided the best combination of efficiency and protection.

This toolbar also includes a search engine powered by Google; EarthLink’s Pop-Up
Blocker, which has been available to customers for several months; and SpyAudit, a free product from WebRoot Software that EarthLink offers to customers. SpyAudit finds all the spyware programs residing on a PC. The ISP is cooperating with eBay and Brightmail, provider of EarthLink’s anti-spam technology, to create block lists of known phisher sites.

SpyAudit scans computer hard drives for applications that report Internet activities to a third party. They range from adware, which delivers advertising based on what site someone is visiting into a small window to Trojans and system monitors that let fraudsters steal passwords and personal information by keystroke logging.

Thursday, EarthLink and WebRoot announced the launch of SpyAudit, a monthly analysis to track the prevalence of spyware. The first report, covering the last three months, showed more than 29.5 million instances of spyware, and 184,919 Trojan installations. The companies said they would also publish monthly SpyAudits.

Besides the useful anti-scam applications, the toolbar is expected to contain a drop-down menu leading to EarthLink services. The toolbar will be available from several Internet download sites, although marketing will at first be limited to existing EarthLink customers.

“We noticed over the course of last year that the toolbar space is starting to evolve, and we needed to take a look at our roadmap for our IE toolbar,” Mecredy said. “We’re making the EarthLink toolbar available to consumers at large.”

Mecredy said that the company’s first goal is to cut down on calls to customer service from people who’ve received phisher e-mails or actually gone to a phisher site thinking it was EarthLink’s.

“It’s an opportunity for us to save money,” he said, “and hopefully attract some additional customers based on the appeal of our toolbar.”

News Around the Web