Phishing, Anyone?

Do you know what "phishing sites" are?

Joe Anybody gets an email saying his account will be deleted if he doesn't update his information. Joe clicks the link, and fills out the form on a familiar looking site. The only trouble is...

The email used a forged address, and the site that opened was copied to look like the site where he has an account. Joe entered whatever personal details were asked for and submitted his information to a scam artist.

That's one scenario, to learn more about this unique kind of internet scam, check out this article on the Milwaukee Journal Sentinal web site. It's a growing problem that everyone should be aware of.

FBI warns of new Internet scam

Fake e-mail, Web sites trick people into divulging financial data

By STANLEY A. MILLER II
Last Updated: July 21, 2003

Spam e-mail and phony Web sites are increasingly trying to trick consumers into giving away their personal and financial information, the FBI and Internet experts say.

Several large businesses - including banks, Internet service providers and online merchants - have been targeted recently by people who send out "spoofed" e-mail masquerading as messages from the companies' accounting or customer service departments.

The scam artists send out unsolicited e-mail that typically tells recipients their account information is incomplete or expired and provides a link to fake Web pages called "phishing sites," where the victims are asked to type in their data. The spam e-mail looks like it came from the legitimate company.

When people plug their personal information into the phishing Web sites - often near-perfect replicas of real sites - the data is sent to thieves, not legitimate companies.

"Bogus e-mails that try to trick customers into giving out personal information are the hottest and most troubling new scam on the Internet," Jana Monroe, assistant director of the FBI's Cyber Division, said in a statement. The FBI issued a warning Monday about the phony e-mail messages.

The FBI says Web spoofing scams are contributing to a rise in identity theft, credit card fraud and other Internet scams. The agency's Internet Fraud Complaint Center has seen a steady increase in complaints from consumers who were directed to phony "customer service" Web sites by unsolicited e-mail.

The number of online fraud complaints the agency received rose 67% last year to more than 75,000, and consumers reported losses from online fraud totaling $54 million, the agency reports.

The Federal Trade Commission reported earlier this year that cases of identity theft increased about 88% last year, with 161,800 identity theft complaints, up from 86,200 in 2001. Identity theft accounted for 43% of all its fraud complaints, according to the report.

Service providers conned, too

John Ecker II of The Park Net, a Brookfield Internet service provider, said e-mail spoofing requires no technical expertise, and companies hosting scam Web sites might not even be aware of it because they are victims, too.

"I'd encourage people to have a healthy suspicion of spam, period, whether it seems legitimate or not," he said. "Always check the URL (Web address). If it says it is coming from Capital One, then it better be going to capitalone.com."

Last month, some Earthlink subscribers received what appeared to be an e-mail from the company's technical support department. Their account information was not up to date, the message said, and if they wanted to avoid an interruption in service, they should fill out the form and send it back.

"If you do not update your credit or debit card information you may no longer be able to use Earthlink," the fake message claimed.

It asked for a credit card number, e-mail password and other sensitive information.

Carla Shaw, an Earthlink spokeswoman, said the company's network abuse team has seen a rising tide of phishing expeditions. The company blocks access to scam Web sites when it learns of them. The company also contacts the firms hosting the phishing Web sites and asks them to be shut down.

"These scams are increasing," she said. "We have also seen an increase in sophistication."

Earthlink spotted phishing frauds about once a month last year; this year, the company encounters one or two a week.

Large Internet service providers such as Earthlink - which has about 5 million subscribers - are big marks for spammers looking for phishing victims. Several companies running e-commerce operations have been targeted, including the online payment service PayPal and electronics retailer Best Buy.

Fraud alert was fraudulent

Carol McKay, spokeswoman for the National Consumers League, a non-profit consumer group in Washington, said scammers recently mass e-mailed a fake message with the subject line: "Best Buy Order . . . Fraud Alert," telling recipients that someone had made suspicious purchases in their names. It asked the recipient to contact Best Buy by clicking a link in the e-mail that would then take them to a fake Web site for Best Buy's fraud department.

On the site, people were asked to enter credit card and Social Security numbers, then click to send it to those running the scam.

Any company doing business on the Internet - and any person using their services - could get hooked.

"Before March, we had not seen anything like this, but from March until now, we have seen five or six a month," said Susan Getgood, a senior vice president at SurfControl in Scotts Valley, Calif., which makes Web and e-mail filtering software.

Getgood said that scammers use phishing to cast a wide net because "they just need to get a few of you."

"Spam is the organized crime of the Internet, and this is the ultimate crime to date because it damages the victim, and it is also damages the brand of the companies."

Top of Page