Microsoft develops Internet Fraud Alert

Microsoft has teamed up with the National Cyber-Forensics and Training Alliance (NCFTA) and several other organisations to form Internet Fraud Alert, a system designed for reporting and recovering account credentials that were stolen online.

The other companies participating in the new scheme are Accuity, the American Bankers Association, the Anti-Phishing Working Group, Citizens Bank, eBay, the Federal Trade Comission, the National Consumers League, and PayPal.

Microsoft has developed new technology specifically for this program which will swiftly inform any of the above companies about stolen account details, allowing the insitutions to take the necessary action to lock or close accounts and inform customers of the fraud.

Researchers working for the security industry have been spotting stolen credentials on the internet for ages, but there is no single system in place for reporting them to the relevant bodies. Internet Fraud Alert is intended to bridge the gap and ensure that phishing attacks and other means through which people’s credentials are stolen are spotted and dealt with as early as possible.

Phishing attacks are on the rise, with over 410,000 unique phishing e-mail reports received by the Anti-Phishing Working Group in 2009 alone. With the Internet Fraud Alert system in place that means a substantial number of people’s details will be reclaimed as soon as the fraud is discovered – in theory.

TechEye talked to Graham Cluley, Senior Technology Consultant of Sophos, about the new endeavour. He believed it was “a great initiative”, saying that he “hoped the new system will make it easier to report securely information about online fraud and share data with the relevant authorities and institutions when stolen information is stumbled upon by security researchers.”

“Our hope is that systems like this will help to shut down security holes quickly and limit the amount of information about innocent individuals that cybercriminals are able to steal,” he added.

However, he was quick to state that users should not rely solely on this as a defence against online fraud. “Both consumers and online businesses have to invest in protection mechanisms to reduce the threat – but this initiative certainly has a part to play.”

 

Financial Fraud Action UK tells us that Microsoft’s on the right track here:

“The IFA initiative is a step in the right direction, however in the UK, banks already have arrangements in place to identify and recover stolen card data and customer credentials. Investing in these systems, which minimise the damage when information is stolen or gets into the wrong hands, is only one form of protection in our multi-layer approach. In the UK we focus on preventing the fraud from occurring in the first place.

“To this end we work with a number of stakeholders, both governmental and industry, such as Microsoft, to inform consumers about possible threats and provide them with advice to stay safe. We also run a number of consumer awareness campaigns on behalf of the industry.”

Financial Fraud Action UK recommended that if you’re interested in finding out more, you should head to: www.banksafeonline.org.uk, www.becardsmart.org.uk, www.cardwatch.org.uk and www.identitytheft.org.uk.