GS Logo
The Green Sheet, Inc

Please Log in

A Thing

The Ol' Secret Phishing Hole Just Ain't What It Used to Be

What's that saying? A bad day fishing is better than a good day working? Crooks might say the same thing about phishing, the newest electronic fraud tactic used to lure unsuspecting consumers into voluntarily providing financial and personal information.

Masquerading as legitimate companies, the crooks "phish" for information for the usual fraudulent reasons-to gain access credit card account numbers and other types of information.

The consumers receive e-mails supposedly from an e-commerce company or financial institution requesting that they update their account information. They're asked to click on a link to a Web page, which is a spoof site, to enter the information.

It used to be the e-mails and Web sites were very amateurish and full of typos. Increasingly, it seems the phishers are becoming more technically sophisticated and it's more difficult to tell the difference between a phony site and a real one.

While relatively few people actually respond to the messages, the incidents of phishing scams have increased dramatically in the past year-and especially in the first half of 2004.

Anti-spam and phishing consumer advocates, the Anti-Phishing Working Group, had 282 separate cases of phishing e-mails reported to it in February 2004, up from 176 instances in January and 116 in December 2003.

According to the San Francisco Chronicle, Brightmail, a company that provides a service filtering e-mail for spam, identified 2.3 billion phishing messages in February 2004, or 4% of the e-mail it processed. That's up from the 1% it found in September 2003.

It used to be that phishermen were teenagers looking for AOL account information to gain more online time. Until very recently, phishers have been small fry-the occasional kid or adult, and the stakes were pretty puny.

The FBI investigated a series of phony mass e-mails and traced them to a middle-aged woman running a scheme out of her Midwestern house. A 20-year old college student phished $35,000 from 150 people who installed software he wrote imitating a security update from PayPal; he was convicted of wire fraud.

Internet access provider EarthLink undertook a campaign last year to track down phishers. It found about a dozen people who could clearly be identified as phishers and over half of those were under the age of 18.

This year, though, in a similar campaign, EarthLink discovered phishing messages that were much more technically sophisticated and that originated from computers in Russia and Asia.

Most phishers prosecuted so far have been located in the United States, and have mostly been working alone. Now it seems that organized crime rings, particularly from Eastern Europe, are getting in on the action, raising the bar for the spoils that are plundered.

Federal officials and companies such as Citibank, whose Web sites are frequently spoofed, are paying serious attention as phishing scams become more widespread and costly.

Working in conjunction with the Secret Service, eBay investigated a series of scams originating in Romania that resulted in the arrests of more than 100 people, including one man convicted of phishing for $500,000.

Will it ever be safe to conduct business online?

While there is currently very little technology on the market to prevent phishing-related fraud, there are efforts underway to foil this latest form of identity theft. Financial losses are absorbed by banks, credit card issuers and their insurance companies, so their vigilance will increase.

In June, MasterCard announced it will use technology from NameProtect, a digital fraud protection provider, to detect online scams in real time and to protect the MasterCard identity and logo from being used by phishers. NameProtect's solutions monitor domain names, Web pages, chat groups, spam e-mails and other online formats to identify attempts at fraud.

In turn, MasterCard will be able to alert its 25,000 members (and subsequently the millions of customers with MasterCard-branded cards) and authorities including the Secret Service, FBI, U.S. Postal Service and Interpol.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
Back Next Index © 2004, The Green Sheet, Inc.