PHISHING
"Phishing" is a general term for the use of what appear to
be either the websites of, or e-mails sent from, well-known
legitimate businesses. These fraudulent
websites and e-mails are designed to deceive Internet users
into revealing personal information that can be used to
defraud those same users. In some respects, phishing is
only distinguished from traditional identity theft and
fraud because it involves employing the Internet as a means
to obtain the wanted information. Specifically, the schemes
themselves, and the uses of the information by the
criminals who obtain it are not unique to the Internet. In
addition, almost all are illegal under existing Federal
criminal laws dealing with wire fraud.
The scope of this problem was highlighted in a recent
Department of Justice report on phishing. According to the
report: During 2003 and early 2004, law enforcement
authorities, businesses, and Internet users have seen a
significant increase in the use of phishing. Criminals
create and use such e-mails and websites to deceive
Internet users into disclosing their bank and financial
account information or other personal data like usernames
and passwords. The "phishers" then take that information
and use it for criminal purposes, like identity theft and
fraud. A growing number of phishing schemes exploit for
illegal purposes the names and logos of legitimate
financial institutions, businesses, and government agencies
in North America, Europe, and the Asia-Pacific region. One
industry organization, the Anti-Phishing Working Group
(www.antiphishing.org) has reported that in January 2004,
there were 176 unique phishing attacks reported to it--an
increase of more than 50 percent over the number of
reported phishing attacks in December 2003.
One difficulty in solving the problems of both spyware and
phishing is that average computer users are not aware of
the steps they can take to protect themselves. Most
computer users today have access to security features that
are either part of their operating system or web browser or
that can be obtained through additional software available
at little or no cost, features which can stop most spyware
from ever being installed on a user's computer.
Unfortunately, many computer users fail to take advantage
of these features, such as firewalls, anti-spyware
programs, and cookie-blockers, or fail to use them properly.
Likewise, most phishing scams require the willing
participation of the recipient to either visit a website or
reply to an email and give out personal information. As in
earlier forms of fraud using the mail or telephones, common
sense and a healthy level of suspicion go a long way toward
not becoming a victim of phishing. Users can protect
themselves against many phishing predators by exercising
heightened scrutiny and undertaking verification measures
whenever they are asked for passwords, credit card numbers,
banking information, or other personal information by
someone online. To the extent that spyware, phishing,
hacking, and spam now sometimes intersect in attacks on
computers, the proper use of a firewall, anti-virus
software, and various means of blocking unsolicited e-mail
can address these other attendant ills and thwart most
attacks.
A second major difficulty in solving both spyware and
phishing is that many of those who are the beneficiaries of
information gleaned from these practices are difficult to
track and locate, and the most egregious abusers are seldom
legitimate businesses or individuals who might be
responsive to government regulation or civil penalties.
Annoying but less harmful forms of spyware, particularly
adware, are used by a number of legitimate companies that
could be found and could be expected to comply with
regulations. However, the worst spyware abuses and the vast
majority of phishing would likely be unaffected by
government regulation or civil enforcement.
A third difficulty in solving the spyware problem is that
many legitimate and beneficial tools for making a user's
computing and Internet experience more enjoyable are
technologically indistinguishable from spyware that is used
to harm users and computers. For example, a "cookie" is a
small text file typically downloaded when a person visits a
website; it stores personal information and information
about the user's preferences to make navigation of the site
easier and typically is only accessible and active when the
user is visiting that website. Another example of a
benevolent cookie would be the "shopping cart" cookie on
many retail websites that allows the user to "carry" their
purchases through the virtual store and to the virtual
checkout.
However, some cookies that are technologically similar in
most respects could be used for less benevolent purposes,
such as intentionally targeting the user with ads, or
tracking the user's visits to other websites and
communicating this information to the originating website
upon a return visit. A cookie could also be used for even
more malicious purposes to give a criminal access to
personal information that would allow them to defraud or
otherwise harm the user. Other programs that make use of
"spying" capabilities such as parental monitoring software
or technical support system monitoring software are clearly
beneficial in the hands of authorized users but, if
installed on a computer by the wrong hands, could be used
maliciously. These similarities in technological terms but
differences in use exemplify why it is imperative for
consumers, Internet Service Providers ("ISPs"), and
lawmakers to deal with the problem of spyware and phishing
not as particular technologies but as types of behavior
that make illegal use of the Internet and various codes,
programs, and software.
(excerpted from the U.S. Congressional Reporting Service & Modified by AntiHubris.com)