Phishing scams eroding credibility of businesses

As spammers' tactics increase and evolve, businesses credibility may go the way of junk mail.

Phishing is being used in conjunction with well-known business names to solicit personal information. The Federal Trade Commission defines phishing as "a high-tech scam that uses spam to deceive consumers into disclosing their credit card numbers, bank account information, Social Security numbers, passwords, and other sensitive information."

Companies such as AOL, eBay and U.S. Bank are being targeted and spammers are changing their tactics to include greeting cards, attachments, spy ware, key loggers and viruses.

"Phishing has taken spam from an annoyance to a criminal activity in that it is now bank robbery," said Neil Schwartzman, executive director of the Coalition Against Unsolicited Commercial E-mail, a consumer advocacy organization launched in May 1997. "It is getting so serious that clearly it is beginning to have a negative impact on businesses."

There are some precautions that Internet users can take.

"Never believe that an e-mail is from your bank and if you are going to log into your bank account always use the URL that you have saved in your bookmarks," Schwartzman said. "Never click through an e-mail, because you don't know if that has been changed."

The Anti-Phishing Working Group focuses on eliminating fraudulent activity and accepts reports of fraud and identity theft related to phishing, pharming and e-mail spoofing.

According to its Web site, pharming crimeware misdirects users to fraudulent sites or proxy servers.

The number of phishing reports has remained stable, with a drop of more than 18,000 from April to May. There were 37,438 unique phishing Web sites detected by APWG during May, yet Web sites hosting crimeware (3,353) shot up 7.4 percent compared to the previous record month.

According to Postini Inc. summer has brought some of the largest e-mail attacks in history, the biggest being a PDF-based spam attack Aug. 7-9.

Adam Swidler, senior marketing manager at Postini, said bot-nets are largely responsible for the increase in spam volume, creating a black market economy where time can be rented on the bot herder's machines to distribute spam.

As companies prepare for the holidays, Swidler said an increase in spamming can be expected.

"It's really impacting our use of e-mail as a communication tool," he said.

But phishing can be convincing, and unfortunately there is probably no real solution.

"As long as people continue to fall for it they will continue to do it," said Jerry Wilson, director of information technology for the University of Colorado at Colorado Springs. "We try to do a lot of awareness. We will send out e-mails to remind people. We do run spam filters and phishing filters."

One way to detect fraudulent messages is to look for bad grammar. Spammers do this so filters won't catch the messages, he said.

Using a company such as Postini ensures companies that their electronic communications are secure by routing email traffic through their spam center. Anything suspicious is blocked before it gets to the inbox.

But because technology has increased to stop spam, companies find it harder to send mass e-mails as marketing campaigns.

Even at UCCS, mass e-mail sent from faculty members to students sometimes doesn't reach inboxes.

And a few wrong words, such as "money back guarantee" or "click here to unsubscribe," can send a message directly to junk mail.

The Institute for Spam and Internet Public Policy, provider of the SuretyMail e-mail accreditation service, helps disseminate information to the public and private sectors.

The institute works with top ISPs, including AOL, Yahoo, Hotmail and Earthlink to ensure legitimate e-mail is not being blocked.

But whether spam is actually increasing depends on your definition of spam and who you talk to, said institute President and CEO Anne Mitchell, and the percentage of spam has stayed fairly consistent at between 80 percent and 90 percent of all e-mail.

For example, you might give your e-mail to a company so you can be notified when a package arrives and the next week you get the company's newsletter in you inbox.

"Some will say that is spam, some say it is not," she said.

Copyright 2007 Dolan Media Newswires
Provided by ProQuest Information and Learning Company. All rights Reserved.