PHISHING
"Phishing" is a general term for using what appear to be
either the websites of, or e-mails sent from, well-known
legitimate businesses. These fraudulent
websites and e-mails are designed to deceive Internet
users into revealing personal information that can be
used to defraud those same users. In some respects,
phishing is only distinguished from traditional identity
theft and fraud because it involves employing the
Internet as a means to obtain the wanted information.
Specifically, the schemes themselves, and the uses of the
information by the criminals who obtain it, are not unique
to the Internet. In addition, almost all are illegal
under existing Federal criminal laws dealing with wire
fraud.
The scope of this problem was highlighted in a recent
Department of Justice report on phishing. According to
the report: During 2003 and early 2004, law enforcement
authorities, businesses, and Internet users have seen a
significant increase in the use of phishing. Criminals
create and use such e-mails and websites to deceive
Internet users into disclosing their bank and financial
account information or other personal data like usernames
and passwords. The "phishers" then take that information
and use it for criminal purposes, like identity theft and
fraud. A growing number of phishing schemes exploit for
illegal purposes the names and logos of legitimate
financial institutions, businesses, and government
agencies in North America, Europe, and the Asia-Pacific
region. One industry organization, the Anti-Phishing
Working Group (www.antiphishing.org) has reported that in
January 2004, there were 176 unique phishing attacks
reported to it--an increase of more than 50 percent over
the number of reported phishing attacks in December 2003.
One difficulty in solving the problems of both spyware
and phishing is that average computer users are not aware
of the steps they can take to protect themselves. Most
computer users today have access to security features
that are either part of their operating system or web
browser or that can be obtained through additional
software available at little or no cost, features which
can stop most spyware from ever being installed on a
user's computer.
Unfortunately, many computer users fail to take advantage
of these features, such as firewalls, anti-spyware
programs, cookie-blockers, etc., or to use them properly.
Likewise, most phishing scams require the willing
participation of the recipient to either visit a website
or reply to an email and give out personal information.
As in earlier forms of fraud using the mail or
telephones, common sense and a healthy level of suspicion
go a long way toward not becoming a victim of phishing.
Users can protect themselves against many phishing
predators by exercising heightened scrutiny and
undertaking verification measures whenever they are asked
for passwords, credit card numbers, banking information,
or other personal information by someone online. To the
extent that spyware, phishing, hacking, and spam now
sometimes intersect in attacks on computers, the proper
use of a firewall, anti-virus software, and various means
of blocking unsolicited e-mail can address these other
attendant ills and thwart most attacks.
A second major difficulty in solving both spyware and
phishing is that many of those who are the beneficiaries
of information gleaned from these practices are difficult
to track and locate, and the most egregious abusers are
seldom legitimate businesses or individuals who might be
responsive to government regulation or civil penalties.
Annoying but less harmful forms of spyware, particularly
adware, are used by a number of legitimate companies that
could be found and could be expected to comply with
regulations. However, the worst spyware abuses and the
vast majority of phishing would likely be unaffected by
government regulation or civil enforcement.
A third difficulty in solving the spyware problem is that
many legitimate and beneficial tools for making a user's
computing and Internet experience more enjoyable are
technologically indistinguishable from spyware that is
used to harm users and computers. For example, a "cookie"
is a small text file typically downloaded when a person
visits a website, it stores personal information and
information about the user's preferences to make
navigation of the site easier and typically is only
accessible and active when the user is visiting that
website. Another example of a benevolent cookie would be
the "shopping cart" cookie on many retail websites that
allows the user to "carry" their purchases through the
virtual store and to the virtual checkout.
However, some cookies that are technologically similar in
most respects could be used for less benevolent purposes,
such as intentionally targeting the user with ads, or
tracking the user's visits to other websites and
communicating this information to the originating website
upon a return visit. A cookie could also be used for even
more malicious purposes to give a criminal access to
personal information that would allow them to defraud or
otherwise harm the user. Other programs that make use of
"spying" capabilities such as parental monitoring
software or technical support system monitoring software
are clearly beneficial in the hands of authorized users
but, if installed on a computer by the wrong hands, could
be used maliciously. These similarities in technological
terms but differences in use exemplify why it is
imperative for consumers, Internet Service Providers
("ISPs"), and lawmakers to deal with the problem of
spyware and phishing not as particular technologies but
as types of behavior that make illegal use of the
Internet and various codes, programs, and software.
(excerpted from the U.S. Congressional Reporting Service & Modified by AntiHubris.com)



