Phishers slip through web loopholes.
The growing sophistication of phishers has left the majority of Americans unable to tell the difference between legitimate and scam e-mail, a survey released indicated.
Despite continued efforts of researchers, security providers and online businesses to discourage phishing schemes and shut down related Web sites, some criminals are still able to flout the system and find ways to keep their illicit operations up and running.
Nearly a quarter of online people in the United States have found themselves the target of the online con artists, and roughly one in five knows a friend or family member who has been duped, according to the second annual survey by America Online Inc. and the National Cyber Security Alliance.
Pointing to the effectiveness of phishers, 70 percent of U.S. consumers receiving scam e-mails believed they might be from legitimate companies.
An example of one type of phishing attempt that still manages to frustrate do-gooders appeared online in early November, in the form of a Christmas-themed Web site that mimics the name, look and feel of online auctioneer eBay Inc. in an effort to steal its customers’ account and password information.
Phishers are getting more adept at tricking consumers into revealing their bank account and personal financial information, and most Americans cannot tell the difference between legitimate correspondence and the growing flood of scam e-mails that can lead to fraud and identity theft. Tatiana Platt, senior vice president and chief trust officer for AOL, said in a statement.
Adding to the problem is confusion over what phishing means. Only 42 percent of Americans are familiar with the term, and of those, just 57 percent can define it accurately, the survey found. Most phishing e-mail appears to come from banks, credit-card companies and other legitimate businesses.
Along with their confusion, the majority of U.S. consumers have failed to adequately protect their home PCs. More than 8 in 10 computers lack at least one of the three critical protections needed, updated anti-virus software, spyware protection and a secure firewall. Exacerbating the problem is the fact that 83 percent of the survey respondents believed that their computers were safe from online threats.
According to Hani Durzy, a spokesperson for eBay said the company continues to dedicate the majority of its focus, not to pursuing phishers, but to educating customers about the problem. The firm is also encouraging users to download its Web browser tool bar, which warns users when they visit sites that appear to be eBay spoofs.
Durzy said the toolbar application successfully denotes the page in question as fraudulent when someone points the browser to the address.
Durzy said eBay also continues to work with law enforcement officials to report and provide information on phishers and other online criminals, to help go after schemers outside the boundaries of the Web.
Some experts contend that the phishing problem will continue to haunt the Web, and high-profile e-commerce players such as eBay, as long as criminals can figure out new ways to dupe consumers and avoid prosecution, or as long as the schemes keep paying off.
We have a major perception gap problem, Ron Teixeira, executive director of National Cyber Security Alliance, said in a joint statement with AOL. Even though most consumers think they are protected, our study shows quite the opposite.
Todd Bransford, vice president of marketing for online-security management services provider Cyveillance Inc. of Arlington, Va., said attacks on eBay and large financials institutions still account for a majority of the phishing threats his company tracks, but the firm also sees phishing moving out in new directions.
He said eBay has done a good job of informing and protecting its customers, but he believes that phishers will continue to aim attacks at the auction site and its PayPal division as long as those efforts keep making money.
It is interesting, we still see a disproportionate number of attacks on eBay and PayPal, even though eBay is being very aggressive against it, as those user IDs are like gold to the criminals, Bransford said. But phishers are also moving downstream to credit unions and other financial services companies that might not be as savvy as larger banks, hotels are having more problems with frequent flier programs, and even insurance companies are being phished.
U.S. households with wireless access were not any better off. More than a quarter of the respondents had a wireless network, but nearly half failed to encrypt their connections, a safety precaution needed to protect against intruders.
While he said consumers have become increasingly savvy about avoiding the fraudulent sites, in part through the customer education efforts of eBay and other frequent targets, Bransford said he sees other problems emerging in the phishing arena, including a growing number of spyware applications loaded onto people’s computers by the sites.
Phishing is moving cross-industry, perhaps because people have gotten smarter, but it is moving into new areas all the time, he said. In cases such as this where the criminals have figured out some way to keep their site up longer, you only wonder how many people will get tricked.