Internet "phishing" or "spoofing" attacks are new ways for Internet scammers to deceive you into disclosing credit card numbers, bank account information, Social Security numbers, passwords and other sensitive information. These scams typically originate as an email messages pretending to be from an online payment service, bank, Internet Service Provider (ISP), etc., requesting updates to your account information or to validate your billing information. Once selected, you are directed to a "look-alike" website of the legitimate business, tricking you into thinking you are responding to a legitimate business request. Unknowingly, it is easy to submit confidential information to the scammers, who use it to order services, obtain credit or simply sell the information. This type of attack is very difficult for the typical person to detect, as the scammer's emails and websites utilize the exact style and graphics of the spoofed company, and appear genuine. Sensitive financial information unwittingly disclosed to spammers is used to execute fraudulent financial transactions and to enable long-term identity theft.
Many banks and financial institutions provide online banking and online access to account statements. Included in the emails for these services may be login fields (user name and password) or web links to their website. Phishing scams imitate these messages and websites, to the point where they are indistinguishable from those sent by legitimate companies. PhishGuard was created to address this problem.
PhishGuard is a simple, free software service that watches over your Internet activity and alerts you before navigating to malicious websites. PhishGuard does this by comparing Internet Explorer URLs (website addresses) to a database of known malicious websites. These sites are blocked and you are given the option to 'continue' navigating to the site or 'cancel' returning to your previous page.
PhishGuard harnesses the collective observations of users to identify and submit potentially malicious phishing scams. This unique architecture dramatically reduces the chance that any phishing scam can "slip through the cracks" and blindside an unsuspecting Internet user. The first person to discover a suspected phishing scam reports the offending email or URL, literally in seconds. There is no need to divulge any confidential information to the scammers. Within minutes our monitoring team has verified the scam and added it to the ScamBase™ database. Updates to the database are rapidly distributed to every participating computer effectively immunizing them against the newly discovered scam.
