Phishing (definition) (FISH.ing) pp. Creating
a replica of an existing web page or HTML
email input form to fool a user into
submitting personal, financial, or password
data. —adj.
Today phishing seems to be one of the most
serious new scams on the Internet. Hackers
and spamming companies not only bother you
with thousands of unwanted emails each day;
they may also make you the victim of a phishing
attack! Phishing refers to the activity of
hackers who impersonate a legitimate organization
and use e-mails to persuade people to share
their personal and private financial data. No,
this is not a bad joke: phishing attacks
involve the mass distribution of "spoofed"
email messages with return addresses, links,
and branding which appear to come from well
known banks, insurance agencies, retailers or
credit card companies. The result of these
scams is that consumers suffer credit card
fraud, identity theft, and financial loss.
So what’s the deal here? Well, for starters,
to most Internet users the emails and web
sites are indistinguishable from legitimate
business communications. Secondly, trusted
sources reveal that by hijacking the brands of
well-known banks, online retailers and credit
card companies, phishers are able to induce up
to 5% of recipients to respond to them. How
far can these unscrupulous companies and
individuals get? Farther than most of us would
think. Last Nov. 8, a man in Sydney,
Australia, was imprisoned for more than five
years for duping people into sending him
millions of dollars in a global Internet ruse
known as the Nigerian scam. He presented
himself as someone who needed access to a
Western bank account in order to transfer a
large sum of money out of a politically
troubled country. Criminals taking part in the
Nigerian scam would then promise the innocent
email recipients a share of the money, but ask
for a smaller upfront cost - in the form of
an ‘administration fee’ - before the larger
sum can be transferred. This way they make
millions! Although this man pleaded guilty at
the Sydney Court, chances are it will take
much more than one guilty man imprisoned to
get this problem under control.
According to APWG’s Phishing Attack Trends
Report (July 2004), the most targeted industry
sector for phishing attacks continues to be
Financial Services, both from the perspective
of total attacks and the number of companies
targeted. Retail is second, whereas ISPs are
third. Citibank seems to be the company whose
brand was hijacked most often by phishers.
Some other recent phishing targets include
AOL, Suntrust, Earthlink, Wells Fargo, MBNA,
Charlotte's Bank of America, Paypal, Fleet,
Best Buy and eBay.
Although the United States is the top country
in terms of the total number of hosted
phishing web sites, other nations engaging in
phishing attacks include Russia, the UK,
Mexico and many Asian countries such as South
Korea, China and Taiwan – among others. APWG’s
report indicates that approximately 35%
of phishing web sites are hosted on exploited
machines, unbeknownst to their owners. Because
they are fake, phishing web sites normally do
not have a long life span. The average life
span for both phishing and fraud sites,
measured by how long they continue to respond
with content, does not go beyond a week.
Think you are covered because you know what
phishing is and have an idea of how to
handle these attacks? Sit back, because you
have not heard it all. Research indicates that
the dramatic increase in the number of
fraud-based websites over the past few months
may result not only in identity theft, but
also in the false belief that you have
purchased something online when in fact, you
have not! Unlike phishing attacks that hijack
the brand of trusted e-commerce or financial
institutions, these web sites are presented as
generic ecommerce sites. How do they operate?
Well, users believe they are ordering
legitimate products or applying for a
legitimate mortgage when in reality, they are
becoming fraud victims. The most common
fraud-based web sites are fake loan scams,
mortgage frauds, online pharmacy frauds, and
fake online banking institutions. In addition
to the direct cost of fraud and the enduring
effects of identity theft for consumers, the
growth of criminal spam threatens the
integrity and brand of organizations that do
business online.
Phishing attacks are growing quickly both in
number and sophistication. If you have been
tricked this way, you should assume that you
will become a victim of credit card fraud,
bank fraud, or identity theft. If you
have given out your credit, debit or ATM card,
or bank account information, the basic advice
is to report the theft of this information to
the card issuer or the bank as quickly as
possible. Canceling
your account and opening a new one is
advisable in addition to reviewing your
billing statements carefully after the loss.
How can you solve your company’s email
problems and keep the right information
flowing? Phishing is one of the most dangerous
forms of spam, so if you are worried about
the problem of phishing, online fraud, and
email spoofing, you should first control the
spam in your mailbox and report those who are
sending it. To take an active role in the
fight against spam, you can become a member of
the Anti-Spam League for free and learn how to
detect and recognize potential phishing and
online fraud threats. Find out how by visiting
www.Anti-Spam-League.org
About the Author
The purpose of the Anti SPAM League is to
help consumers and business owners reduce the
amount of SPAM they receive. In addition, our
Anti SPAM organization believes that educating
site owners in the area of SPAM prevention and
ways to successfully and responsibly market
their sites is key in making a difference.