- The Washington Times - Thursday, May 20, 2004

Scam artists are becoming more aggressive in trying to steal personal information through bogus Web sites claiming to represent legitimate banks and online retailers.

Internet experts are warning of a nearly 200 percent increase in “phisher” sites, which prompt consumers to type in credit card and Social Security numbers and other personal information, leading to thousands of cases of identity theft each year.

Most often, consumers are directed to the site by spam e-mail designed to look like they came from companies such as EBay or Citibank.

There were 1,125 reported phishing attacks in April, up from 402 in March, and 28 in November, the nonprofit Anti-Phishing Working Group reported. Each attack represents as many as several million e-mail messages designed to lure people to hand over information.

Brightmail, a San Francisco e-mail filtering company, said phishing e-mail made up 2.9 billion messages in March, up from 300 million in August last year.

Phishing e-mail usually directs consumers to Web sites that are indistinguishable from legitimate ones, and the designers of the sites select domain names that are very close to the real sites.

“A year or so ago, some of these Web sites were easy to spot,” said EBay spokesman Chris Donlay. “Some of these bad guys are getting more sophisticated … it’s becoming harder and harder to tell the difference.”

Government officials said consumers should be wary of any e-mail that asks for personal information.

“Our best advice is to not click on any links,” said Patricia Poss, a staff attorney with the Federal Trade Commission. “The best thing to do if you are unsure is contact the [legitimate] company directly.”

Law-enforcement officials have had some success in catching people involved in phishing.

A Texas man this week was sentenced to 46 months in prison after pleading guilty to stealing 473 credit-card numbers through e-mail and Web sites designed to look like America Online and PayPal.

Discovering who is behind the phishing attempts is not easy.

“They are tough to find, and nine times out of 10, even if you find the person who sent it, you haven’t found the person who’s funding it,” said Karl Jacob, chief executive officer for Cloudmark, a San Francisco antispam company.

The financial effect of such messages is far greater than a typical spam one, analysts said. Phishing results in more than $1.2 billion each year in financial losses, Gartner Inc., a Stamford, Conn., technology research group, estimated this month.

About 57 million Americans received at least one phishing e-mail message in the past year, Gartner said.

Of those, 11 million followed the message’s instructions, and about half of those who responded became victims of identity theft.

“It’s very big money, it’s very expensive and it costs a lot of money to stop,” said John Levine, co-chairman of the nonprofit Internet Research Task Force’s Anti-Spam Research Group.

Some analysts suggested that phisher sites could harm so-called electronic commerce, as people become wary of using the Internet.

“Some people will just stop transacting,” Mr. Jacob said. “It’s too hard on the Internet to figure out who to trust in some cases.”

Researchers are working on ways to help consumers distinguish between e-mail from scam artists and legitimate companies.

Yahoo yesterday released specifications for DomainKeys, a system it designed to authenticate who is sending e-mail.

Microsoft is developing its own system, known as Caller ID for E-mail. America Online has endorsed a similar system known as Sender Policy Framework, which may be combined with Caller ID. The Internet Engineering Task Force, which sets standards for the Internet, is examining all three proposals this week.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide