More than a dozen corporate giants in the retail, telecommunications, financial services, banking and technology industries are joining forces to combat phishing, spoofing and other methods of online identify fraud.
The companies — among them AT&T Wireless Services, IBM, Best Buy, and Fidelity Investments — have announced the formation of the Trusted Electronic Communications Forum (TECF), a group that will focus on eliminating phishing's threat to email and e-commerce. Details about the group first emerged last week.
"TECF was built around the concept that the only way we were going to combat the problem of phishing and spoofing was to create a consortium, a forum, that was cross-industry and global that focused specifically on phishing and spoofing," says TECF chairman Shawn Eldridge. The TECF, he say, plans to work "toward the standards with technology, techniques, best practices to combat phishing as well as working with government agencies to help for reporting of phishing attacks, as well as the prosecution of phishers".
According to Eldridge, the organisation now has four working groups: technical standards, best practices, government affairs and social engineering. Its short-term goals are to quickly find mechanisms, technologies and other ways to combat phishing today.
"Longer-term goals include working with the US government and other governments in Europe on the prosecution side, as well as the finalisation of standards that actually prevent and stop phishing scams from occurring," Eldridge says.
The group will meet formally for the first time in a couple of weeks, he says.
Phishing attacks by hackers, in which fake websites and messages are used to steal financial information from online consumers, are so widespread that an estimated 57 million Americans have likely received fraudulent emails, according to a study released last month by Gartner.
Direct losses from identity theft against phishing victims cost US banks and credit card issuers about $US1.2 billion last year, according to the study.
A statement on the TECF's website, says the companies are concerned about virtual threats that "have impeded the progress of internet communications and have damaged the trust between enterprises and its customers.
"Financial institutions, internet service providers and other service providers must take phishing seriously," says Gartner analyst Avivah Litan in the statement. "These service providers should take action to apply solutions that dramatically minimise, if not eradicate, the threat, even if the service providers themselves are not direct targets."