The Holy Womble
09-08-2005, 09:51
Israeli technology unmasks Internet scam artist (http://www.israel21c.org/bin/en.jsp?enDispWho=Articles%5El1062&enPage=BlankPage&enDisplay=view&enDispWhat=object&enVersion=0&enZone=Technology&)
We've all gotten used to the luxury of caller ID.
The telephone rings, and a quick glance at the phone tells us if it's our best friend or a bill collector - allowing us to decide quickly whether to answer the call or ignore it. If we pick up, armed with the knowledge of who we are dealing with we already know whether our voice should be friendly or hostile.
Yoram Nissenboim believes that his new tool will do for the Internet what Caller ID did for the telephone - provide the user with vital information regarding exactly who he is dealing with at the other end.
CallingID was created in response to a new Internet nuisance known as "phishing" - the sophisticated way to commit identity theft.
Everyone who has an e-mail account has experienced it. E-mails are received, that, at first glance, look as if they are coming from your bank, Internet provider, credit card company, or an on-line service like eBay. They usually claim they need to check your details and refer you to an authentic-looking website where you need to provide them with information they need to "confirm" such as your logon details, password/pin number or other personal identification. Their target: your credit card and online banking information.
"These e-mails that direct you to phony sites in order to extract information began about a year and a half ago. Many people who started getting this type of email first went to the sites; usually, they clicked a link to a site that looked completely legitimate, and filled out the forms with the requested information. They had no way of knowing if it was all right to send data to that site or not. Some were suspicious, but others were naïve. It's not easy - the people who design these sites use all sorts of technical tricks to make you think you are accessing the real thing," Nissenboim told ISRAEL21c.
The goal of CallingID is to "unmask" the scam artists by helping computer users distinguish between scams and legitimate sites. When users install CallingID they can navigate the Internet and, for the first time, truly "see" who they are dealing with behind the web page with information provided in a window as they surf.
"When you go to a site, and start filling in personal information, you want to send the data to those you can trust," says Nissenboim. "We have put a bridge between cyberspace and the real world and you know where in the real world this information goes to. We tell you automatically who owns this site and who is the entity that received your information. If it looks OK, you can go ahead. But if, for example, it is supposed to be an American company and the site owner is in China, you will see immediately that something is wrong there," he explains.
In addition to telling you who owns the site and where it is located, the CallingID tool offers a "risk assessment" - telling the user, based on several standard technical criteria, what the odds are that the organization receiving the information on a given website is trustworthy.
The answer is not always definitive, he cautions, but it gives the user something to work with. A basic display indicates the site's safety level, resulting from 50 different security tests performed behind the scenes and if the user wishes, all the detailed tests can be viewed. Other features include an automatic warning whenever you are about to give your credit card number to a site without the requisite security.
"We provide the information in a simple way that is completely automatic and uncomplicated. With the site owner and location identified and a risk assessment, the user can immediately decide if he wants to continue providing information or not."
The tool was officially launched in May, and until now most of its 2000 active users have heard of it through word of mouth. In a survey of the first users to take advantage of CallingID, more than 50 percent say that at least once a warning about the recipient stopped them from sending information.
"Even more significantly, 20 percent of the users said they used eCommerce more frequently because they could feel confident that they knew they were dealing with real organizations and 85 percent said they felt safer doing their online banking," said Nissenboim.
Nissenboim describes himself as a "serial entrepreneur" A networking and connectivity expert, he has co-founded and directed various high-tech companies that have been acquired and whose technologies continue to flourish.
In addition to CallingID, Nissenboim serves as CEO and co-founder of Acceloop Ltd. which provides content delivery solutions and ActiveBase Ltd., which provides database performance improvement solutions. Prior to that he was a co-founder of Anota (acquired by Jacada) and AbirNet (acquired by MEMCO). In 1988, he founded and managed Mitom Ltd., which developed, marketed and sold leading edge terminal emulation software and was acquired by NetManage Inc., in 1993. As Vice President of R&D responsible for NetManage?s host connectivity business, he helped raise the annual revenue from $5M in 1992 to $120M in 1995.
Nissenboim got the idea for the CallingID, naturally, when he became the target of those conducting a "phishing" expedition.
"I hesitated for a while trying to see what was the right solution for the problem, working with my good friend and business partner. We discussed it and after a few months of exchanging ideas we believed we knew how to solve the problem. We knew that we needed to define it well and design it well. In my opinion, anyone using the Internet now must use our tools or similar ones."
He said that there are approximately seven other companies offering solutions to the problem, but that they are "partial solutions" not as complete as the one he has created. Most, he says, involve alerting users when they have come to a site that is on a "blacklist." The problem with this approach is that technology outpaces the blacklists - new "phishing" sites are created every few hours and then shut down, and therefore, a blacklist isn't very effective.
"In almost all cases, we can detect a problem with the site automatically before a site is added to a blacklist," he points out.
In addition to the CallingID tool, which is free, they are selling a product to banks which help them to secure their customer's accounts - what they call a "safety-seal" for online banking.
"These solutions help banks comply with two recent recommendations of the FDIC (Federal Deposit Insurance Corporation)," Nissenboim explains.
The recommendations encouraged banks to increase their protection against spyware that steals their customers personal data, following a sharp increase in incidence of theft and exposure, and provides them with authentication techniques that can protect them from Internet fraud.
Spyware is software installed on a computer without the user's knowledge, often through a virus or when a user downloads a free program. Once it is downloaded, the user's personal or confidential information can be collected and their online activity can be tracked.
Nissenboim explains how his technology works: "When a bank registers with us, we know when one of its customers is providing his information to another site, and we can stop it before the data is sent out from his machine." The tool has a unique feature to "fool" spyware by providing a fake password.
The company is currently a small operation, privately held with just 12 employees.
But Nissenboim is confident of its success.
"If you ask me, I can't go to the Internet anymore without CallingID. It's not only me - I see that people who started getting used to it like it. It quickly moves from being something that you never knew existed to something that you have to have."
We've all gotten used to the luxury of caller ID.
The telephone rings, and a quick glance at the phone tells us if it's our best friend or a bill collector - allowing us to decide quickly whether to answer the call or ignore it. If we pick up, armed with the knowledge of who we are dealing with we already know whether our voice should be friendly or hostile.
Yoram Nissenboim believes that his new tool will do for the Internet what Caller ID did for the telephone - provide the user with vital information regarding exactly who he is dealing with at the other end.
CallingID was created in response to a new Internet nuisance known as "phishing" - the sophisticated way to commit identity theft.
Everyone who has an e-mail account has experienced it. E-mails are received, that, at first glance, look as if they are coming from your bank, Internet provider, credit card company, or an on-line service like eBay. They usually claim they need to check your details and refer you to an authentic-looking website where you need to provide them with information they need to "confirm" such as your logon details, password/pin number or other personal identification. Their target: your credit card and online banking information.
"These e-mails that direct you to phony sites in order to extract information began about a year and a half ago. Many people who started getting this type of email first went to the sites; usually, they clicked a link to a site that looked completely legitimate, and filled out the forms with the requested information. They had no way of knowing if it was all right to send data to that site or not. Some were suspicious, but others were naïve. It's not easy - the people who design these sites use all sorts of technical tricks to make you think you are accessing the real thing," Nissenboim told ISRAEL21c.
The goal of CallingID is to "unmask" the scam artists by helping computer users distinguish between scams and legitimate sites. When users install CallingID they can navigate the Internet and, for the first time, truly "see" who they are dealing with behind the web page with information provided in a window as they surf.
"When you go to a site, and start filling in personal information, you want to send the data to those you can trust," says Nissenboim. "We have put a bridge between cyberspace and the real world and you know where in the real world this information goes to. We tell you automatically who owns this site and who is the entity that received your information. If it looks OK, you can go ahead. But if, for example, it is supposed to be an American company and the site owner is in China, you will see immediately that something is wrong there," he explains.
In addition to telling you who owns the site and where it is located, the CallingID tool offers a "risk assessment" - telling the user, based on several standard technical criteria, what the odds are that the organization receiving the information on a given website is trustworthy.
The answer is not always definitive, he cautions, but it gives the user something to work with. A basic display indicates the site's safety level, resulting from 50 different security tests performed behind the scenes and if the user wishes, all the detailed tests can be viewed. Other features include an automatic warning whenever you are about to give your credit card number to a site without the requisite security.
"We provide the information in a simple way that is completely automatic and uncomplicated. With the site owner and location identified and a risk assessment, the user can immediately decide if he wants to continue providing information or not."
The tool was officially launched in May, and until now most of its 2000 active users have heard of it through word of mouth. In a survey of the first users to take advantage of CallingID, more than 50 percent say that at least once a warning about the recipient stopped them from sending information.
"Even more significantly, 20 percent of the users said they used eCommerce more frequently because they could feel confident that they knew they were dealing with real organizations and 85 percent said they felt safer doing their online banking," said Nissenboim.
Nissenboim describes himself as a "serial entrepreneur" A networking and connectivity expert, he has co-founded and directed various high-tech companies that have been acquired and whose technologies continue to flourish.
In addition to CallingID, Nissenboim serves as CEO and co-founder of Acceloop Ltd. which provides content delivery solutions and ActiveBase Ltd., which provides database performance improvement solutions. Prior to that he was a co-founder of Anota (acquired by Jacada) and AbirNet (acquired by MEMCO). In 1988, he founded and managed Mitom Ltd., which developed, marketed and sold leading edge terminal emulation software and was acquired by NetManage Inc., in 1993. As Vice President of R&D responsible for NetManage?s host connectivity business, he helped raise the annual revenue from $5M in 1992 to $120M in 1995.
Nissenboim got the idea for the CallingID, naturally, when he became the target of those conducting a "phishing" expedition.
"I hesitated for a while trying to see what was the right solution for the problem, working with my good friend and business partner. We discussed it and after a few months of exchanging ideas we believed we knew how to solve the problem. We knew that we needed to define it well and design it well. In my opinion, anyone using the Internet now must use our tools or similar ones."
He said that there are approximately seven other companies offering solutions to the problem, but that they are "partial solutions" not as complete as the one he has created. Most, he says, involve alerting users when they have come to a site that is on a "blacklist." The problem with this approach is that technology outpaces the blacklists - new "phishing" sites are created every few hours and then shut down, and therefore, a blacklist isn't very effective.
"In almost all cases, we can detect a problem with the site automatically before a site is added to a blacklist," he points out.
In addition to the CallingID tool, which is free, they are selling a product to banks which help them to secure their customer's accounts - what they call a "safety-seal" for online banking.
"These solutions help banks comply with two recent recommendations of the FDIC (Federal Deposit Insurance Corporation)," Nissenboim explains.
The recommendations encouraged banks to increase their protection against spyware that steals their customers personal data, following a sharp increase in incidence of theft and exposure, and provides them with authentication techniques that can protect them from Internet fraud.
Spyware is software installed on a computer without the user's knowledge, often through a virus or when a user downloads a free program. Once it is downloaded, the user's personal or confidential information can be collected and their online activity can be tracked.
Nissenboim explains how his technology works: "When a bank registers with us, we know when one of its customers is providing his information to another site, and we can stop it before the data is sent out from his machine." The tool has a unique feature to "fool" spyware by providing a fake password.
The company is currently a small operation, privately held with just 12 employees.
But Nissenboim is confident of its success.
"If you ask me, I can't go to the Internet anymore without CallingID. It's not only me - I see that people who started getting used to it like it. It quickly moves from being something that you never knew existed to something that you have to have."