Con men go ‘phishing’ to get consumer information

Beware of phishermen. In one of the fastest-growing scams on the Internet, con artists are sending out millions of “urgent” e-mail messages trying to get unsuspecting consumers to divulge personal information such as their Social Security numbers or the passwords for online accounts.

Some tell consumers the federal insurance on their savings accounts will be canceled unless they update their personal data. Others claim to be from Internet service providers redoing their billing lists. Still others say something has gone wrong with a credit- card transaction and that additional information is needed or the card will be canceled.

There are even links from the e-mail to Web sites that look just like legitimate bank or credit-card or online merchant sites.

But they’re not.

All are examples of “phishing,” and the scam artists take the information they gather to raid consumers’ bank accounts or charge thousands of dollars of merchandise or steal their identities.

The volume of such attacks is growing rapidly, said Naftali Bennett, chief executive of Cyota Inc., a New York-based antifraud firm that detected some 450 distinct phishing expeditions in March alone.

“It’s the perfect crime from the fraudster’s perspective,” Mr. Bennett said. “It’s easy to do, you get thousands of records and the risk of getting caught is very low.”

A study released earlier this month by the research firm Gartner Inc. found that an estimated 57 million consumers believe they may have received a fraudulent e-mail in recent years.

The study estimated that the losses that banks and credit-card companies incurred from fraud against consumers who took the phishers’ bait totaled $1.2 billion last year.

There are ways for Internet users to protect themselves, and experts say it starts with consumers being just as wary about giving out personal information online as they would be on the phone or in person.

“The red flag should be any request for personal information, especially from someone who says they need it right now or there will be dire consequences,” said Patricia Poss, an attorney with the Federal Trade Commission’s bureau of consumer protection.

Consumers who think they have received a phishing e-mail should not click on any Web links contained in the e-mail and, instead, forward it to the FTC’s collection site at uce@ftc.gov.

If they have responded to such e-mail, they should contact their banks or credit-card companies immediately to try to prevent account information from being misused, Ms. Poss said.

“Then, if you’re worried about identity theft, get a copy of your credit report and make sure nothing is going on,” she added.

The reports are available from the three major credit agencies — Equifax, Experian and TransUnion. Consumers also can file an ID theft complaint at the FTC’s site: www.consumer.gov/idtheft.

Story Continues →