For the initiative, WhenU sends consumers who visit known fraudulent sites a pop-up alerting them that the site they landed on is a "potential phishing site."
WhenU drew its list of phony Web addresses--600 to date--from the Internet sites www.fraudwatchinternational.com and www.antiphishing.org. The program started on Monday, and is still being rolled out, said CEO Bill Day. So far this week, WhenU has sent users between 800 and 1,500 warnings per day.
The program drew cautious praise from online security expert Bruce Schneier, founder and chief technology officer of Counterpane Internet Security, Inc. "It's a good idea," he said, adding that anything that makes it harder for scammers to operate is a plus. But, he warned, there are many possibilities for error--such as omitting some phony sites from the list of suspect sites. "The devil is in the details," he said. "To do this well is not easy."
Day said that the plan might not be perfect, but is a step in the right direction. "Can we be 100 percent inclusive?" he asked. "It's more important we just do what we can."
The move is one of several consumer-friendly initiatives WhenU has made since Day joined on Oct. 1. Last month, WhenU discontinued the controversial practice of serving pop-ups that resembled the Windows program message "Active-X." Active-X is a real program that alerts users to potential Internet security pitfalls, but ads disguised as "ActiveX" usually warn consumers that the computer may be infected with spyware, and then ask them to click-through.
WhenU and other adware companies often come under fire from consumer advocates who charge that customers don't fully understand they'll be served ads when they download the companies' software. Chris Hoofnagle, associate director of the Electronic Privacy Information Center--a leading adware critic--said the potential benefit of warning consumers about online scams doesn't overcome fundamental flaws with the business. To Hoofnagle, a major problem is that consumers don't always understand what they're agreeing to when they download an adware company's software. "It sounds like a good service," he said of the anti-phishing program. But, he added, it "doesn't clean the company's hands in terms of not obtaining consent."