Sophos's new PhishAlert™ Service fights online fraud

August 16, 2005 Sophos Press Release

Lynnfield, MA - Sophos, a world leader in network security, announced the availability of Sophos PhishAlert™ Service an early-warning system that proactively informs organizations of new phishing scams that target their customers. Targeted at financial institutions and e-commerce institutions, Sophos's PhishAlert notifies online businesses of phishing attempts so that the fraudulent sites can be shut down, minimizing the company's financial losses, customer dissatisfaction and damage to reputation.

Over the past two years, phishing has grown dramatically to become a primary avenue for identity theft. The Anti-Phishing Working Group (APWG), a cross-industry association focused on eliminating the online fraud and identity theft, reported over 3,300 active phishing sites in May 2005 - more than double the number reported in October 2004. Sophos is a member of the APWG.

Phishing also has a negative financial impact on businesses. A July 2005 study by the Ponemon Institute, a data privacy and business ethics research firm, shows 59% of consumers reported reducing online transactions as a result of phishing scams.1 Also, a June 2005 Gartner survey of 5000 US consumers reported that the number of phishing attack email recipients grew by 28 percent.2

According to the Gartner survey, "Phishing attacks are not subsiding, despite some industry theories that phishing is a fad that peaked in 2004. An estimated 2.42 million US adults reporting losing money in phishing attacks. According to these victims, total financial losses this past year amounted to nearly $929 million. Perhaps the biggest impact for businesses is a newfound and serious consumer distrust of email."

"Phishing attacks costs legitimate companies like financial services and online retailers money and time," said Gregg Mastoras, Senior Security Analyst at Sophos. "This Sophos service will automatically notify users of the service, enabling them to warn their customers and immediately appeal to law enforcement agencies and ISPs to shut down a phishing site."

The service provides email samples and additional information to help companies respond quickly to phishing attacks and reports on overall phishing activities. It also identifies fraudulent websites to users of the PhishAlert service.

Sophos PhishAlert service is designed to capitalize on the research and expertise of SophosLabs™, a global network of security research centers, to proactively catch, analyze and identify phishing attacks in its global network of spam traps.

  1. Ponemon Institute, 'Email Authentication Survey,' July 2005
  2. Gartner, 'Increased Phishing and Online Attacks Cause Dip in Consumer Confidence,' Avivah Litan, June 2005