The term "phishing" refers to devious and dangerous phony e-mails. These bogus missives look authentic but host links to fraudulent Web site spoofs: look-alikes designed to tempt Netizens into entering sensitive data like passwords and credit-card numbers. However, Net security firms F5 Networks Inc. and MailProve Ltd. are determined to prevent Hong Kong netizens from becoming bait.

At a recent joint F5/MailProve Hong Kong press launch, Linda Hui, managing director of F5 Networks Hong Kong, said that her firm wanted to help raise the consciousness of local consumers by publicizing the dangers of phishing in Hong Kong media. And MailProve CEO Jeffrey Vong noted that local financial institutions have become much more interested in anti-phishing measures since news of actual losses became public.

Cyberjackings

How bad is it out there? We don"t precisely know, because most organizations won"t disclose whether they"ve been targeted by phishers, let alone specifics. But last October, when HSBC announced heightened security measures for its online customers, insight was gleaned into the felonious phenomenon.

Hong Kong daily The Standard reported that 11 members of an alleged syndicate were arrested on suspicion of defrauding 12 HSBC customers of HK$660,000 through phishing. Last December, a Bank of China Web spoof site was uncovered, while in January of 2005, six men were arrested in China for spawning a bogus site that lured enough customers away from the real Industrial and Commercial Bank of China (ICBC) site to net them 800,000 yuan (HK$753,600) before they were nabbed, said The Standard.

Hui is correct: the public needs to be more aware of the phishing menace. As US-based IT manager Fredrick Pastore said: "It"s a shame this activity became known as "phishing"-that"s too cutesy. It should be identified by its real name: attempted fraud."

Hong Kong Netizens are reminded to take basic precautions: never click on e-mail attachments, never click on embedded e-mail links, and never give out passwords or sensitive information. "Hard as it may be to believe, there really are people who have learned not to click on attachments," noted US-based security consultant Robert Ferrell. "That said, you can"t upgrade common sense, and you can"t install intelligence. Humans will always be the weakest link in the system security chain."

How serious is it? "Phishing is causing...greater problems than any bank robbery we"ve seen in history," said Matthew Prince, CEO of anti-spam consulting firm Unspam LLC.

"A lot of drug lords are getting into phishing," said Avivah Litan, a vice president and research director at Gartner. "It"s easier and more lucrative than selling cocaine."

The F5/Mailprove initiative

"Together, we are helping financial institutions, Internet Service Providers, e-commerce companies and other organizations targeted by online fraudsters to prevent the financial loss, customer dissatisfaction and erosion of brand equity that these malicious attacks cause," declared Hui. "F5 is pleased to partner with the Asian antispam leader, MailProve, in the fight against phishing."

Seattle-headquartered F5 Networks describes itself as the global leader in application traffic management, while MailProve is an Asian antispam and antiphishing service provider which claims it"s also the only Super Blacklist service provider in the Asia-Pacific market specializing in Asian languages.

The two firms have joined forces to launch iControl: a bundled hardware/software system aimed at helping organizations protect their customers against phishing attacks-which are neatly defined by F5/MailProve as "the use of fictitious e-mails and Web sites to facilitate online fraud and identity theft."

The system combines F5"s BIG-IP traffic management system and MailProve"s Super Blacklist technology at the network level and is designed to provide real-time detection and prevention of phishing attacks, protecting organizations from inbound and outbound phishing attempts.

For inbound attacks by phishing emails, users are protected by the MailProve Super Blacklist, a phishing e-mail blacklist, said the firms. For outbound phishing traffic (for example, malware that hijacks browsing to fraudulent Web sites), F5"s BIG-IP updated with the MailProve Super Blacklist will warn users when they attempt to access such Web sites, according to F5/MailProve.

MailProve detected eight major phishing attacks against organizations in Hong Kong during December 2004, said the firms at the launch. Phishing "issues" in Hong Kong saw an 80 percent rise between the first and second half of the year of 2004, according to F5/MailProve.