Treasury issues phishing schemes alert, advice

The Treasury Department today warned against schemes in which identity thieves spoof government agencies and financial firms to gain sensitive and financial information from unsuspecting consumers in a report that also offers some tips on how to prevent 'phishing.'

In phishing schemes, an e-mail is sent to a consumer, directing him or her to a fraudulent Web site, which closely resembles the site for a legitimate organization, which may have wide name recognition or typically inspires trust. The spoofer typically asks consumers to update information, which identity thieves use to commit fraud.

Recent phishing e-mails have purportedly come from government agencies, legitimate financial-sector firms, Internet auction sites and electronic payment services. The government agencies include the Federal Deposit Insurance Corp., the Office of the Comptroller of the Currency, the Securities Investor Protection Corp. and others.

A recent private-sector report found that 1,125 instances of phishing were reported in April, 180 percent more than in March. The report found that financial-services Web sites are the most commonly spoofed.

Fraudsters victimize about 10 million Americans through identity theft, the country's fastest-growing white-collar crime. Operating across state and national borders, identity thieves cost U.S. business and finance at least $50 billion a year in fraudulent transactions.

'The report gives consumers even more information on how to detect, prevent and mitigate the effects of the identity theft scheme known as phishing, a crime that costs American consumers and businesses billions of dollars every year,' said Assistant Treasury Secretary Wayne Abernathy.

The report was released as part of a forum on identity theft held in Kansas City, Mo., and sponsored by Treasury and Bits, a financial-services industry consortium that addresses electronic-banking problems.

Measures which can prevent phishing attacks:

  • Personalize e-mails to consumers so they are assured of their legitimacy

  • Keep Web site certificates up to date

  • Remind consumers to use the latest patch for their Web browser and operating system

  • Post on agency sites a telephone number for consumers to call to verify e-mail requests for sensitive information

  • Register domain names that are similar to that of the agency so consumers do not confuse them with the legitimate site

  • Contact the Internet Service Provider hosting the illegitimate site and ask that it be shut down

  • Contact law enforcement to pursue a subpoena or other appropriate remedy
  • File a complaint with the Federal Trade Commission at www.ftc.gov/idtheft and Internet Fraud Complaint Center, www.ifccfbi.gov/index.asp.


  • About the Author

    Mary Mosquera is a reporter for Federal Computer Week.

    inside gcn

    • russian email hack (Bakhtiar Zein/Shutterstock.com)

      Mueller indictment details hacks on state election systems

    Reader Comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above

    More from 1105 Public Sector Media Group