Consumers accustomed to receiving a daily barrage of spam should
be wary of a fast-growing scam that can catch even the most
Internet-savvy users off guard.
Called “phishing,” the ploy uses e-mails purporting
to be from banks or other companies to lure people to fraudulent
Web sites, where customers are asked to enter their credit card
numbers and other personal information.
Audri Lanford, co-editor of Internet ScamBusters, a group
working to raise awareness about online fraud, said it’s
difficult to gauge the number of people who become victims. But her
organization predicts that aside from identity theft, phishing
schemes will pose the largest security threat to web users in
2005.
“It’s really hard to know how many people are
getting scammed,” she said. “Most people feel foolish,
and they don’t report it.”
The number of phishing sites reported to the Anti-Phishing
Working Group rose from 727 in August 2004 to 1,518 in November,
and while some scams are obvious, riddled with typos and spelling
errors, others imitate company logos to perfection and provide
plausible reasons for consumers to visit fake corporate Web
sites.
One e-mail in circulation claims to be from Washington Mutual,
with the return address appearing in inboxes as
service@wamu.com.
“Different computers have logged onto your Washington
Mutual Online Banking account, and multiple password failures were
present before the logons,” the message reads. “We now
need you to re-confirm your account information to us. If this is
not completed by Jan. 15, 2005, we will be forced to suspend your
account indefinitely, as it may have been used for fraudulent
purposes.”
Some of the most convincing scams involve companies that
typically interact with customers through the Internet ““
brands like PayPal, which eBay auction winners use to purchase
goods, Lanford said. But legitimate organizations don’t
solicit private information on the web, she added.
“If there’s a problem, you’re going to get a
phone call,” she said. “It’s not going to come
via an e-mail. Basically, all of these are scams.”
Nancy Greenstein, director of community services for university
police, said while her department received numerous reports of
online fraud at the start of the school year, the number of
complaints has declined.
Consumers who are timid when it comes to alerting companies
about fraud may be missing out on the chance to retrieve their lost
money. Betty Riess, a Bank of America spokeswoman based in San
Francisco, said banks will reimburse customers who fall victim to
the scams.
She said her company has collaborated with federal authorities
to shut down a number of fake sites, but that the real goal is
increasing awareness. Like most other major banks, Bank of America
has a link on its Web site directing users on ways to fight online
fraud.
Lanford said disseminating information about scams is the
keystone in consumer protection, as it is nearly impossible to
prosecute the majority of perpetrators since most operate
overseas.
Ronnie Manning, a spokesman for Websense, which provides
statistics to the Anti-Phishing Working Group, said the original
phishing sites were probably made several years ago by a hacker
trying to gain recognition on the Internet.
According to the Anti-Phishing Working Group, hackers coined the
word “phishing” around 1996 to refer to the practice of
stealing America On-Line accounts. By the mid-’90s, there was
an Internet market for “phish” ““ infiltrated
accounts hackers would exchange for software they needed.
Using the sequence “ph” in place of “f”
is a tribute to an original form of telephone system hacking known
as “phreaking.”
Phishing’s effectiveness led to its rising popularity,
with the Anti-Phishing Working Group estimating that about 5
percent of consumers fall for the ploy.
“Over the past year, it’s picked up a lot of speed
… basically for the reason that I said before: that there’s
money,” Manning said.