EBay's popularity clearly has a downside. The company has become a prime target for "phishing" attacks by online perpetrators who email unsuspecting users and set up websites in the guise of the popular online auctioneer.
One of the weapons eBay is using to fight back is a product from WholeSecurity called Web Caller-ID, which allows users to verify the authenticity of a website. This week, WholeSecurity is making Web Caller-ID generally available to other users as well.
The browser-based software has been embedded in the Account Guard feature of the eBay toolbar since January. It not only detects fake sites in real time but also prevents users from accessing them.
"No technology is going to solve 100 percent of the phishing problem," says Howard Schmidt, eBay's chief information security officer and a former White House cybersecurity advisor. "But this has provided an additional layer of protection for users."
The product uses a unique behavior-based detection method to identify spoofed websites, says Scott Olsen, a senior vice president at WholeSecurity.
Unlike products that work by blacklisting sites that are already known to be fraudulent, Web Caller-ID evaluates every site the user accesses for suspicious behavior, Olsen says. Pages are analysed and scored using a proprietary rating system that determines whether a page is valid or spoofed.
Users are alerted and blocked when they attempt to launch such pages or enter confidential information into them, Olsen says. WholeSecurity declined to release pricing information.
The technology is effective at detecting new and unreported spoof sites that are often used in phishing scams, says Avivah Litan, a Gartner analyst. "It's a big jump over blacklist technology," she says.
But there are caveats. To be protected, users need to download plug-ins that are integrated into browsers or toolbars. Currently, only very large sites like eBay and Yahoo have such toolbars, Litan says. Users would also need to download multiple toolbars as more companies start using the technology, she says.
WholeSecurity's technology is being released at a time when phishing attacks, which use spoofed email and websites to fool users into divulging personal information, are rising.
The Anti-Phishing Working Group reported 1,422 unique phishing attacks in June, up 19 percent over May. For the 12-month period that ended in April, phishing attacks cost victims $US1.2 billion, with US companies bearing most of the costs, Gartner said.
The trend has resulted in a "growing sense of urgency" to implement steps to combat the problem, according to Gartner.