Internet scams getting banking users rise in June

Online thieves are luring a growing number of Internet banking customers to fake Web sites in so-called “phishing” schemes intended to steal account information.

Phishing attacks, which rely on fraudulent e-mails to beckon people to seemingly authentic Web sites, surged 19 percent in June, according to a report to be released today.

The fast-growing scam may be more widespread than it appears because banks likely are not reporting all the attacks against consumers.

Phishing attacks rose to 1,422 in June, up from 1,197 in May, according to the Anti-Phishing Working Group, a nonprofit group tracking the online threat.

The increase means consumers who bank online remain vulnerable to phishing, and banks are struggling to stop it, said Jeff Ready, vice president of Tumbleweed Communications Corp., a Redwood City, Calif., software company that started the Anti-Phishing Working Group.

“People haven’t yet come around to understand that there are these scams out there,” he said.

Phishing attacks have risen precipitously since December, when just 116 attacks were initiated.

The number of phishing scams probably is even higher than figures from the Anti-Phishing Working Group indicate, said Mark Mendelsohn, senior counsel at the Justice Department’s computer crimes and intellectual property section.

Some banks are hit by multiple phishing attacks each day.

“I know those aren’t all being reported to law enforcement,” Mr. Mendelsohn said.

Banks aren’t reporting all phishing attacks because they don’t want to undermine consumer confidence in online banking, he said. Failing to report all scams makes it harder for law enforcement to catch online thieves.

But an industry official said banks may not know about each phishing attack against consumers. Since banking customers are the targets of phishing schemes, financial institutions rely on consumers to discover when thieves initiate a new attack, said Doug Johnson, senior policy analyst for the American Bankers Association.

“The reporting infrastructure is still developing. I don’t think [underreporting] is purposeful,” Mr. Johnson said.

About 1.9 million people reported their checking accounts were breached in the past year, accounting for $2.4 billion in fraud, Gartner Inc., a technology research firm in Stamford, Conn., said in May. An estimated 57 million people received a phishing e-mail last year.

Citibank customers were targeted most often in June, with 492 separate e-mail scams directed toward its 1.6 million online banking customers. That was up from 370 e-mail attacks in May.

Story Continues →