Beware your email.
In the last six months, the number of phishing email scams has increased 1,200 percent,
putting end users and major companies at an even greater risk, according to a report from
MessageLabs Inc., a managed email security firm based in New York.
MessageLabs reports that last September its analysts had only seen 279 phishing emails. But
that number had risen nearly 800-fold to 215,643. Phishing emails peaked in January with
337,050.
“It’s a very dangerous trend,” says Paul Wood, chief information analyst at MessageLabs.
“It’s preying on people’s vulnerabilities. They’re being conned into downloading viruses
or giving away their financial information… Some people are having a lot of money
siphoned from their bank accounts.”
Phishing is the latest online financial scam. It’s a con game based on posing.
Spammers send out millions of emails claiming to be from legitimate organizations, such as
major U.S. banks or credit card companies. The spammers even fake the sender’s address so it
appears to be from the company they’re posing as. The message in the email often says
there is a problem with the recipient’s account and it has been shut down. To reinstate the
account, or deal with whatever fictional problem the email refers to, the user is
instructed to click on a link that then takes them to a phony Web site.
The users are then led to what is often a perfect replica of the Web site of the organization
the spammer is impersonating. At this point, the victim is asked to ‘update’ his personal security
information, passwords, Social Security numbers, addresses and bank account information.
The information is then used to siphon money out of the victim’s bank account or to make
financial transactions with their money.
“In just six months, the number of phishing emails seen by MessageLabs has increased
exponentially — evidence that the number of individual scams has also risen
dramatically,” says Mark Sunner, chief technology officer at MessageLabs. “For targeted
organizations, the impact can be high, including lost productivity, customer confusion and
complaints, damage to the brand and legal implications. For individual users, the financial
losses can be excessive. If allowed to continue unchecked, online phishing scams threaten
to undermine confidence in e-commerce as a whole.”
According to MessageLabs, in the United States, Citibank, eBay, PayPal, Wachovia, Visa and
Bank of America are on the list of major banks and online transaction companies that have
been targeted. In the United Kingdom, the perpetrators have gone after customers of
Barclays, NatWest and Lloyds TSB, among others.
The financial damage caused by online identity theft is not only mounting, it’s exploding
at a growth rate of about 300 percent a year, according to a 2003 study by the Aberdeen
Group, a Boston-based industry analyst firm.
Financial loss from identity theft is expected to reach $73.8 billion in the United States
by the end of this year and $221.2 billion worldwide, report Aberdeen analysts. The current
trajectory — based on a 300 percent compound annual growth rate — has the figures
reaching $2 trillion by the end of 2005.
The virulent Mimail family of worms is also in on the scam.
Mimail-I and Mimail-J both carried out a phishing scam. Both try to induce users of PayPal,
owned by eBay, to enter their credit card information into a pop-up window. The victim has
to click on an attached program to activate the virus. Mimail-J also asks for a Social
Security number and mother’s maiden name, two key pieces of data essential for identity
theft.