A recent Gartner survey of 5,000 online buyers found that phishing has increased by nearly 30 percent during 2005. Gartner, an international information technology industry provider, suggests that consumer confidence concerning online purchases and financial activities may drop substantially, resulting in a 1-3 percent decrease in online business.
Phishing, also called carding or spoofing, is an attempt to gain confidential consumer information— such as credit card numbers or bank usernames and passwords— through seemingly legitimate e-mails or instant messages. The recipient is asked to access a bogus website. A phishing e-mail often warns of dire consequences if the victim fails to respond, such as fee increases or losing certain privileges from a service provider.
Gartner found that more than one million consumers lost a total of around US$925 million during 2004 due to phishing attacks. Nearly 90 percent of phishing victims were reimbursed their stolen funds.
The Anti-Phishing Working Group's (APWG) latest trend report showed that the number of active phishing sites increased by almost 17 percent between April and May of 2005. APWG found 3,326 US phishing sites in May 2005, versus 1,142 in October 2004.
The US is home to 34 percent of the world's phishing sites discovered during 2005. China came second, with 15 percent of all phishing sites, while Korea, with 9 percent, was third. In 2004, 42.4 percent of all discovered phishing sites were in the US, 16.1 percent in Korea, and 9.7 percent in China.
Phishing scams reported by individuals increased from 6,957 cases in October 2004 to 14,987 cases in May 2005.
The Federal Trade Commission (FTC) filed the first lawsuit against an alleged phisher in January 2004. The suspect, a young Californian teenager, established a sham America Online website to steal credit card numbers from AOL customers.
On February 28, 2005, US Senator Patrick Leahy introduced the "Anti-Phishing Act of 2005" on the Senate floor. "Early phishing attacks were by novices, but there is now evidence that some attacks are backed by organized crime. Some of the attacks these days also include spyware, a type of software that is secretly installed on the victim's computer to surreptitiously capture account information when the victim visits legitimate websites," says Senator Leahy.
Senator Leahy's bill criminalizes the act of phishing and setting up phishing websites. Proposed penalties include fines of up to US$250,000 and prison terms of up to five years.
In May 2005, the United Kingdom introduced its new Fraud Bill, which criminalizes phishing. Anyone found guilty may be sentenced to up to 10 years in prison. The proposed law addresses extradition of those operating in other countries, false representation, and participation in fraudulent activities.
On March 31, 2005, Microsoft Corp. filed 117 civil lawsuits in the US District Court in the Western District of Washington State against suspected phishers. Since January 2004, Microsoft has been active in shutting down 1,700 phishing operations.
The Pew Internet & American Life Project released two surveys this month. Pew interviewed 1,336 Internet users by telephone and found that 81 percent had stopped opening email attachments unless they first ascertain their safety through some kind of software. 48 percent will no longer visit any web site unless they are certain that it does not deposit unwanted programs on their computer.
Pew also surveyed 2,001 adult Internet users and found that only 29 percent knew what phishing is. 55 percent of respondents had a hazy idea, while 15 percent had never heard of phishing.
A consumer alert entitled "How to Not Get Hooked by a 'Phishing' Scam" is accessible at http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm .
Feeds