Thursday, 26 January 2006
It sounded serious and looked legit. Megan Rosati, a 22-year-old recent college grad, received an E-mail addressed to her from what appeared to be her bank, Citibank. The message was urgent, telling her to "confirm security information."
So, she followed the instructions and clicked on the linked Web site. She promptly filled in the blanks, including her name, password, and account number.
By the next day, Rosati knew she had made a grave mistake. "Over $1,600 was missing from my bank account." The money was withdrawn from ATMs located as far away as Greenwich, England.
Like millions of Americans, Rosati was the target of a phishing scam - a cyber fraud aimed at getting you to fork over your credit card information, Social Security number or other personal data. The goal: to clean out your bank account or set up new accounts using your identification.
Fortunately, when Rosati notified Citibank, she was able to convince officials that she had been robbed and the bank gave her $1,600. But many are not that lucky, and the money is not returned.
Brazen cyber thieves have been around for years. But now the phishers have gone from savvy kid hackers to sophisticated criminals. And they are stepping up their fleecing efforts with more aggressive, more targeted and more technologically advanced Internet scams.
Newer bogus E-mails are sometimes personalized. They come after you with urgent messages - ironically telling you that you must do something quickly to avoid a security breach. And they mimic legitimate sites down to the logo and the language.
The number of people falling prey to phishers is growing as rapidly as the annoying spam piling up in your inbox.
Last year Internet bad guys cost American Web surfers nearly $1 billion, according to a recent survey by Gartner Group. The same study found that as many as 73 million adults were hit by 50 phishing E-mails last year, up 28% from the year before.
"It's skyrocketing," said Andrew Weinstein, a spokesman for America Online. "It's the most potentially destructive danger on the Internet."
Traditionally, phishers have targeted the customers of major institutions, like big banks, or shopping sites like eBay, or PayPal, the giant online payment facilitator.
But in another new twist, called "puddle phishing," they are now going after the customers of smaller regional banks and credit unions. Because the crooks are targeting a smaller group, their pitches can seem more credible, making the targets even more vulnerable.
"This started in late 2004 and gained momentum in 2005," said Bill Rosenkrantz, group consumer product manager for Symantec, a security company. "It's worth it to the (phishers) to go after the smaller banks."
Even if you are smart about not revealing your information, you could be in trouble just by clicking on a link in a bogus E-mail. Clever hackers now fill scam Web sites with dangerous viruses that could infect your computer when you visit the site.
"Once the computer is infected, the hacker can track every keystroke or steal all of your personal information," Weinstein said.
Getting educated about the perils of phishing is your first line of defense. "A majority of threats can be addressed by employing common sense," Symantec's Rosenkrantz said.