MasterCard Shuts Down 1,400 Phishing Sites

But the number of phishing sites continued to grow by 26% per month between July and February.

MasterCard International Inc. said Tuesday that it has shut down nearly 1,400 phishing sites and more than 750 sites suspected of selling illegal credit-card information since launching an ID-theft-prevention program in June. The program also has led to the discovery and protection of more than 35,000 MasterCard account numbers that were in jeopardy of being compromised.

Under the program, called Stop It, MasterCard is collaborating with digital-asset-protection company NameProtect Inc. to detect online scams in real time as they proliferate across the Internet. NameProtect employs Internet detection technology and systems to continuously monitor domain names, Web pages, online discussions, spam E-mail, and other online formats to identify online trading rings, phishing attacks, and other forms of fraud the moment each attack is launched online.

NameProtect provides real-time exclusive reports to MasterCard. MasterCard, in turn, reports illegal Web sites and other illegal online forums to law enforcement and alerts financial-services institutions.

The number of phishing sites grew by an average of 26% per month between July and February, reaching 2,625, according to the Anti-Phishing Working Group. The average lifetime for a phishing site was 5.7 days in February, but some stayed in operation as long as 30 days.

Last week, MasterCard succeeded in shutting down a phishing site within 15 minutes, says Sergio Pinon, senior VP of security and risk services. Typically, ID-theft rings will move their operations to other Internet service providers but give up after they've been shut down two or three times, Pinon says.

The rapid response to phishing has helped law-enforcement officials break up fraud rings. In October, the U.S. Secret Service collared 27 computer and credit-card scam artists following an investigation; the probe significantly disrupted cybercriminals targeting the U.S. financial infrastructure, according to MasterCard.

One of the newer forms of ID theft is "pharming," also known as DNS (domain name system) poisoning, in which victims are directed to a spoofed Web site that's an exact replica of the real site, where thieves harvest large volumes of personal information.

Cyota Inc., an anti-fraud software provider for financial institutions, on Tuesday added an anti-pharming feature to its FraudAction anti-phishing product. Thirteen of Cyota's banking clients, including two large U.S. banks, have deployed the anti-pharming software over the past eight weeks. The system scans for potential pharming attacks and alerts Cyota's Anti-Fraud Command Center. Once an attack is identified, the center proactively shuts down the spoofed site, conducts forensics, and deploys technical countermeasures. To date, Cyota has shut down more than 7,000 spoofed sites in 65 countries and lowered the lifespan of an attack to five hours from six days.

"Pharming represents a much more insidious form of attack than phishing, because there's no action required on the part of the user," says Chris Voice, VP of technology at security software firm Entrust Inc. Efforts to track and shut down phishing sites, he says, combined with strong authentication software to prevent keylogging and spyware, represent the best hope for restoring online trust.