Online fraudsters always a step ahead?
AP
, NEW YORK
Sunday, Apr 04, 2004,Page 11
Mark Nichols runs an online gift shop and considers himself Internet
savvy. Yet like so many other Web surfers, he got duped by an e-mail
scam anyhow.
A message saying it was from eBay Inc asked Nichols to submit his
password and other personal information to a Web site. The e-mail had
arrived shortly after Nichols' credit card had expired, so he didn't
suspect the site was phony.
"I was thinking, `You're right, I do need to go update my account,' and
sure enough, I fell for it," said the Crosby, North Dakota man.
As these so-called phishing scams proliferate, companies are sharpening
technological tools to counter them. Education alone, many agree, isn't
enough.
Anti-phishing software is apt to soon be added to the arsenal of
digital shields forged to stop spam, viruses and hacking. Security
companies are also building tools for banks and merchants to use behind
the scenes.
Phishing scams have been around for years but have in recent months
become more numerous -- and sophisticated.
Scammers now copy and paste Web coding from real sites like Citibank's
to give their fraudulent messages and the sites they lead to an aura of
authenticity.
They register Internet addresses that look real, subbing the letter "l"
with the numeral "1," for instance. A few messages even carry ads for
that aura of authenticity.
"What used to be a game and a prank has now been recognized as
something that can be lucrative and has attracted organized efforts,"
said Bill Harris, chairman of PassMark Security LLC and former chief
executive of PayPal, a frequent phishing target.
The Anti-Phishing Working Group, formed in October by industry and law
enforcement, identified 282 new phishing scams in February, up from 176
a month earlier. About 70 percent have been traced to eastern Europe or
Asia, said David Jevans, the group's chairman.
A 19-year-old Houston man now faces up to 15 years in prison after
pleading guilty to opening accounts and making purchases using
information captured through phishing. For the most part, however,
techniques scammers use and their locations abroad make them difficult
to catch.
Jevans said no hard numbers are available on monetary losses from
phishing, which represents only a sliver of overall fraud. The greater
cost, he said, is in consumer confidence: Banks might suffer if
customers shun online banking and insist on using more expensive
tellers.
In Nichols' case, he realized his error early enough, so he quickly
changed his eBay password. But the scams can be costly.
To fight back, eBay in February added an Account Guard feature to its
toolbar for Microsoft's Internet Explorer browser. A green light
appears when users are on a site run by eBay or its PayPal subsidiary.
The light goes red for known fraudulent sites. A warning also appears
any time users try to enter their eBay or PayPal passwords elsewhere.
Rob Chesnut, eBay's deputy general counsel, said the company went with
technology because education was a tough proposition.
"It's quite easy for spoofers to create a page that looks like an eBay
or PayPal page, so you can't teach users about the look of a page," he
said.
PostX Corp takes a similar approach, displaying green when e-mail has
been digitally signed and verified, red when it shows signs of fraud.
Others carry yellow.
The company's plug-in tools for browsers and e-mail programs, slated
for release by June, will look for four basic phishing techniques,
including a Web address that appears on-screen as one thing but has a
different site embedded in the link.
Jeffrey Guilfoyle, a vice president at security company Solutionary
Inc, said that while technology offers a quick fix, "from a longer-term
perspective, education of the user base is really the only way to do
that. Technology is always lagging."
This story has been viewed 1057 times.
|