- The Washington Times - Tuesday, November 23, 2004

The number of Web sites used to steal private account information from online consumers surged in October, as banks and other financial institutions continued to struggle against Internet “phishing” schemes.

In phishing, scam artists send fraudulent e-mails to consumers to lure them to Web sites that appear to be the home page of a well-known bank or credit-card company. The e-mails instruct the consumer to leave account information on the site, which the scammers then use to steal the person’s identity.

Last month, 1,142 sites were used for phishing, up 110 percent from the 543 sites reported in September, according to a report last week by the Anti-Phishing Working Group, a consortium of computer-security firms that tracks the online attacks.

Almost 6,600 different phishing messages were reported to the group in October. The number of unique phishing e-mails has grown an average 36 percent each month since July.

These data reflect only the number of messages and sites reported to the Anti-Phishing Working Group, so the number of schemes could be much greater.



“It’s on the rise because it’s so easy to do,” said David Zumwalt, chief executive of Privacy Inc., an online security firm in Dallas that develops software to protect e-mail addresses.

Thieves can operate a phishing scheme by setting up a Web site on a server, usually in a foreign country and then churning out multiple e-mails, or spam, to lure consumers in the United States to the site.

“The bad guys are becoming more sophisticated. It’s not just teenager hackers anymore. It’s criminals,” said Shannon Kellogg, a Massachusetts security executive and the treasurer of the National Cyber Security Alliance, a group of public agencies and private companies that work to educate consumers about online security.

Identity theft affects 10 million Americans each year, according to the Federal Trade Commission. Last year, 57 million Americans received a phishing e-mail, and the scams cost banks and credit-card companies $10.2 billion, according to Gartner Inc., a Stamford, Conn., technology research group.

The financial services industry is the top target of phishing schemes. Of the 44 established corporate “brands” such as Citibank and SunTrust that phishers hijacked in October, 73 percent came from the financial sector, the Anti-Phishing Working Group report stated.

Electronic commerce companies such as EBay Inc. are also frequent phishing targets.

A phishing e-mail making the rounds this month was designed to appears to be from Citibank, one of the nation’s largest banks.

The message informs the consumer that the account had been “placed on Hold status” due to “regular maintenance of our security measures.” The e-mail directs consumers to a Web site where they are instructed to re-enter their account information and reset their password.

Banks are trying to combat phishing by educating their consumers about “spoof” e-mails.

SunTrust Banks Inc., for example, has posted a message about phishing on its Web site and mailed a brochure about online fraud with each customer’s statement.

“The bottom line is that we tell our customers we’ll never ask for their personal information in an e-mail,” said Hugh Suhr, a SunTrust spokesman.

In August, the Justice Department announced that more than 150 people had been arrested, charged or convicted during a summertime sweep of criminal activity on the Internet. Many of the cases centered on phishing.

The FBI has reorganized its efforts to combat cyber crime, in part because international crime rings have been flocking to the Internet.

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.

 

Click to Read More and View Comments

Click to Hide