The best phishin' hole around these days is the World Wide Web. A study by a leading research firm finds that checking account theft is the fastest-growing consumer fraud in the country -- and most of it occurs on the Web.
Based on a poll of 5,000 online U.S. adults, the Gartner study shows that some 1.98 million consumers have been victimized by checking-account fraud, resulting in $2.4 billion in losses.
Some 57 million U.S. Internet users have received fraudulent, phishing e-mails, according to Gartner, and about 1.7 million of them may have been tricked into divulging personal information. Roughly 76 percent of the attacks occurred since last October.
Most of the losses occur through "phishing" expeditions, in which counterfeit e-mails appearing to be from banks and other financial institutions are sent to millions of Internet users, asking the user to verify his or her account balance, Social Security number and other information.
The user clicks on a link in the e-mail and is taken to a site that, through the use of stolen logos and carefully copied color schemes, looks just like the real thing. The consumer provides the information requested and thereby gives the scam artists access to the consumer's checking account.
Other methods include the use of "spyware." These programs are installed sureptitiously on consumers' computers, often by clicking on a pop-up ad. Once installed, the program records key clicks, enabling crooks to learn the consumers' user IDs and passwords.
What To Do
Consumers need to be very careful and regard the Internet as though it were hostile territory. A few simple rules:
• Never click on a link in an e-mail that claims to be from your bank, credit card issuer or other financial institution. Instead, type the Web address into your browser. This ensures that you go to the correct site, not a counterfeit version.
• Never respond to any request -- e-mail, telephone, door-to-door -- from anyone who claims they must "verify" your identity, account number, balance, etc. If in doubt, call your bank or service provider directly.
• Don't use computers in public places to access bank accounts or other sensitive data. Your user id and password may be retained and made available to others.
• Restrict access to your computer. If you leave your computer running all the time, you should log off whenever you leave your desk. It only takes a minute for someone to sit down at your machine and swipe valuable information on your machine.
• Check your bank account and credit card statements carefully ... and promptly. It's the only way you'll know if you've been robbed.
A newly revised FTC Consumer Alert, How Not to Get Hooked by a Phishing Scam warns consumers who receive e-mail that claims an account will be shut down unless they reconfirm their billing information not to reply or click on the link in the e-mail. Consumers should contact the company that supposedly sent the message directly. More tips to avoid phishing scams can be found at www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm.
Businesses Organize
Meanwhile, a global consortium of businesses has established the Trusted Electronic Communications Forum (TECF), targeting phishing, spoofing and other online identity fraud tactics.
Founding members include AT&T; Wireless, Best Buy, Charles Schwab, CipherTrust, DirecTV, E*Trade, Fidelity Investments, GE Access, HSBC, IBM, National City Bank, PostX Corporation, Royal Bank of Scotland and Siebel Systems.
