Treasury issues phishing schemes alert, advice
- By Mary Mosquera
- May 26, 2004
The Treasury Department today warned against schemes in which identity thieves spoof government agencies and financial firms to gain sensitive and financial information from unsuspecting consumers in a report that also offers some tips on how to prevent 'phishing.'
In phishing schemes, an e-mail is sent to a consumer, directing him or her to a fraudulent Web site, which closely resembles the site for a legitimate organization, which may have wide name recognition or typically inspires trust. The spoofer typically asks consumers to update information, which identity thieves use to commit fraud.
Recent phishing e-mails have purportedly come from government agencies, legitimate financial-sector firms, Internet auction sites and electronic payment services. The government agencies include the Federal Deposit Insurance Corp., the Office of the Comptroller of the Currency, the Securities Investor Protection Corp. and others.
A recent private-sector report found that 1,125 instances of phishing were reported in April, 180 percent more than in March. The report found that financial-services Web sites are the most commonly spoofed.
Fraudsters victimize about 10 million Americans through identity theft, the country's fastest-growing white-collar crime. Operating across state and national borders, identity thieves cost U.S. business and finance at least $50 billion a year in fraudulent transactions.
'The report gives consumers even more information on how to detect, prevent and mitigate the effects of the identity theft scheme known as phishing, a crime that costs American consumers and businesses billions of dollars every year,' said Assistant Treasury Secretary Wayne Abernathy.
was released as part of a forum on identity theft held in Kansas City, Mo., and sponsored by Treasury and Bits, a financial-services industry consortium that addresses electronic-banking problems.
Measures which can prevent phishing attacks:Personalize e-mails to consumers so they are assured of their legitimacy Keep Web site certificates up to date Remind consumers to use the latest patch for their Web browser and operating systemPost on agency sites a telephone number for consumers to call to verify e-mail requests for sensitive informationRegister domain names that are similar to that of the agency so consumers do not confuse them with the legitimate siteContact the Internet Service Provider hosting the illegitimate site and ask that it be shut downContact law enforcement to pursue a subpoena or other appropriate remedy
File a complaint with the Federal Trade Commission at www.ftc.gov/idtheft and Internet Fraud Complaint Center, www.ifccfbi.gov/index.asp.
Mary Mosquera is a reporter for Federal Computer Week.