Phishing on the rise

Most users put away the rod and reel in winter, but not phishers.

A recent analysis by a security industry group found that e-mail fraud attacks grew by 50 percent in January over the month before. The Anti-Phishing Working Group said it counted 176 new attacks during the month, an average of 5.7 each day.

'Phishing' has become the term for spoofing return addresses, links and brand-name information to trick recipients into disclosing personal and financial data. The fraudulent messages in a phishing expedition usually are not targeted but simply broadcast to as many addresses as possible. The anti-phishing group reported that up to 5 percent of recipients do respond to the faked e-mails.

The Federal Trade Commission received more than 500,000 complaints of consumer fraud and ID theft last year, up from 400,000 in 2002. Internet fraud accounted for 55 percent of all reports last year, up from 45 percent the year before.

Victims reported losses of $437 million in 2003, $200 million of that from Internet fraud.

Phishing not only is getting more common, it is more sophisticated. About 8 percent of the attacks in January used a vulnerability in the Microsoft Internet Explorer browser that lets Web addresses be disguised to send victims to a fraudulent address. More of the attacks also are fooling recipients into downloading malicious code, such as key-loggers and back doors that leave computers vulnerable to future exploitation.

'The spam epidemic has evolved from a nuisance to a real security threat of financial crime and identity theft,' said Dave Jevans, chairman of the anti-phishing group.

Besides direct financial harm to victims, phishing also undermines the reputations of legitimate online companies whose identities are spoofed.

The most commonly spoofed address in January was eBay.com, and the most commonly spoofed sector was financial services.



About the Author

William Jackson is a Maryland-based freelance writer.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.