- The Washington Times - Sunday, February 15, 2004

E-mail security companies are warning about a new wave of spam messages made to look like solicitations from legitimate companies or government agencies.

The e-mails, or “phishing” messages, are designed to dupe unsuspecting e-mail users into giving up personal information such as credit-card, Social Security and personal identification numbers. Security companies said this form of spam has grown more common, and can infect computers with a virus or worm.

The messages first appeared on the Web last year, imitating billing and invoice messages from Internet service providers and online merchants such as EBay, PayPal and Amazon.com. In the past month, there have been phony e-mails contending to have come from government agencies, analysts said.

In January, the FBI and the Federal Deposit Insurance Corp. issued warnings about a phony e-mail telling consumers that insurance on their bank accounts had been suspended owing to possible violations of the USA Patriot Act. The e-mail directs consumers to a Web site where they are asked for identification and account information.

“These are professional criminals, and they’re getting better at it,” said Susan Getgood, senior vice president at SurfControl, a Scotts Valley, Calif., company that offers an e-mail-filtering service. “The inclination of a person receiving this is bound to be a desire to do something quickly.”

The FBI, the Federal Trade Commission and Internet service provider Earthlink first warned consumers about phishing e-mails in July. Since then, the number and variety of these messages have skyrocketed, SurfControl said.

SurfControl also warned against recent e-mails made to look like Internet security warnings from Microsoft, the world’s largest software maker. The message asks users to download a security patch to protect against a virus. But doing so releases a virus into the computer.

Phishing messages made up about 3.4 billion, or 4 percent, of the 85 billion messages scanned in January by Brightmail, a San Francisco e-mail-filtering company.

Some e-mail analysts downplayed the threat of phishing messages because they are easy to block and make up a small percentage of overall spam.

Postini, an e-mail-security company based in Redwood City, Calif., doesn’t track phishing messages. It instead targets more common and disruptive spam attacks featuring ads for pornography and get-rich-quick schemes.

Spam makes up more than 60 percent of all e-mail sent worldwide, costing businesses tens of billions of dollars in services and lost productivity, according to some estimates.

Phisher e-mails are “just another kind of spam,” said Andrew Lochart, Postini’s director of product marketing. “Certainly, the stakes are much higher, but these messages do still have the tell-tale signs of spam. We are able to stop the stuff.”

LOAD COMMENTS ()

 

Click to Read More

Click to Hide