Phishing with the Net
eWeek and many others are reporting that phishing scams are on the rise. In fact, during the month of March, over 400 phishing attacks, each sent to millions of addresses, were reported. Though some of these get caught in junk e-mail filters, many may make it through.
Phishing is the practice of sending out e-mail which spoofs a popular brand. This is usually part of a scam urging customers to type their password, social security number or credit card number into a mock web site, one which may look and function like -- at least on the surface -- the real site.
The come on usually starts with an urgent plea from a well known financial institution or well trafficked Web site, probably one most people have done business with in the past. The message explains that failure to provide your social security number/credit card/whatever will result in your account being closed or locked out. There are, of course, variations on this theme and the occasional creative twist.
Before the term phishing was in common use, we warned our customers about such scams and sites. There are now many sites, such as The Anti-Phishing Working Group, whose sole purpose is to document such attacks. The FTC has published a list of steps consumers can take to protect themselves from such scams.
It's estimated that phishing attacks scammed consumers out 1.2 billion dollars last year. Despite all the warnings and media attention that phishing is getting, the number of attacks are increasing at an alarming rate. The Anti-Phishing Working Group announced that they received over 1,100 reports of unique phishing attacks in April.