AOL Begins Blocking Phishing Sites
By Nate Mook | Published April 20, 2005, 11:42 AM
In a major initiative to combat the growing threat of identity theft scams, AOL announced it will begin to work internally and with partners to identify and block member access to phishing sites. AOL says the blocks affect only dangerous sites, and will not be extended to censor questionable content.
The move will be the first time AOL has made a concerted effort to prevent its members from reaching the dark corners of the Web. The company previously only blocked small numbers of sites on an "ad hoc basis" based on "internal referrals during work hours," a company spokesperson told BetaNews.
Phishing is the designation given to a class of socially engineered attacks -- generally carried out like spam via e-mail -- that steal consumers' passwords, credit card numbers and other personally identifiable information. Very often these scams look like genuine e-mails from companies such as PayPal and eBay.
To keep its users protected from phishing, AOL is joining forces with Cyota, an anti-fraud and security solution provider for financial institutions. When a site is blocked, any AOL member who tries to visit the page will encounter a notice explaining the danger.
"This system functions like a 24-hour-a-day phishing SWAT team, using a variety of sources to try to identify and block phishing sites around the clock," AOL spokesperson Andrew Weinstein explained to BetaNews. "So, if an attack is identified at 4am, we will try to block it before our members have their first cup of coffee and check their morning e-mail."
AOL downplayed concerns that such blocking could open the door for censoring content the company deems inappropriate, saying phishing sites do not fall into a grey area.
"They are dangerous and illegal sites that are trying to steal personal and financial information from our members, and we will take aggressive steps to protect our members from such criminals," said Weinstein. "When the bridge is out, it makes perfect sense to put up a 'road closed' sign."
Weinstein said that all sites are thoroughly reviewed before being blocked, and if a legitimate site slipped through, it could easily be unblocked.
AOL isn't the only industry leader tackling the phishing problem. Microsoft recently filed 117 lawsuits against alleged phishing site operators. Technology companies and law enforcement also teamed up to crack down on phishing by launching the Digital PhishNet program last December.
These kinds of things can get out of hand. What if the next initiative is to block any site that could be related to terrorism? Then the one after that is to block anti-gov't sites (since we know that leads to terrorism). Now move on to an initiative to block any website that says the president is an idiot. And so on and so on. Of course that seems a little extreme sounding now, but you never know.
Score: 0
If we decided not to do anything based on 'what might possibly, maybe, could be, might have been' for every decision we make, nothing, I repeat NOTHING, would ever get done.
I hate AOL. Seriously. I'd believe it in a heartbeat if someone told me that 90% of the zombie PCs out there were connected through AOL. They simply cater to users who don't know how to protect themselves, and up until recently have not taken the responsibility to do the protecting for them.
I applaud them for *finally* doing something to keep the sheep's PCs in line and out of trouble. I understand they are now supplying them with AV and ad-blocking software. I hope these are *forced* updates. I wouldn't give AOL users the option.
Score: 0
Well, I agree with you; however, I'm certainly not suggesting we not do anything at all. Maybe the first step is to improve the users' software to detect these sorts of things. A lot of these phishing sites are successful because they exploit vulnerabilities in the web browser.
Second to that, arm people with information. People aren't totally mindless sheep, they don't want their information stolen just like you and I do not. I think education and improved software are better answers and a long term solution whereas just blocking specific sites is temporary.
Score: 0
Do you really think AOL users are going to pay for PC classes? Do you think half of them even RTFM? I don't. I think they use AOL because it requires little to no effort/knowledge on their part.
Therefore I firmly believe it is AOL's responsibility to protect us NON-AOL users from them by making sure through software and via blocking that their systems don't become zombies. If they have to block every page not on the AOL network, so be it... Make AOL a closed network, no skin off my nose.
Let the users of AOL decide if they can live with it or not.
lmao... Hell, as far as that goes, AOL should require users to prove they can protect themselves before cutting them loose from the AOL network.
Score: 0
I'd like to have a list of these sites being blocked... they'd come in handy to block them at my mail server as well. I have zero (0) problem with an ISP trying to stop this foolishness! Give them all (the Phishing Folks) 9 years of R&R (rest and relaxation) with their buddy that got his 9 year jail sentence a few days back I say!
Score: 0
For real. Then MAKE them pay back the customers they have scammed over the years.
Score: 0
That is a great question. I contacted AOL and they said the proposal would be raised in the coming weeks. There likely would be some liability issues, but if they could be worked out, perhaps it could be the start of a big industry-wide effort like anti-spam outfits provide (but without affecting innocent folks).
Score: 0
First of all, how do you become a legitimate site for phishing? I am sure some of these sites are affiliates of AOL.
It is a form of censorship, but I agree that something has to be done - like go after the sites they know are phishing with lawsuits and close them down. Last I knew, identity theft was illegal - right?
How are you going to know if you are on the list? Any competitor to them can mysteriously fall on this list or any site for that matter that doesn't adhere to these guidelines could be banned. Sounds like the beginning of the end! Why is it we punish the users and not the criminals?
Score: 0