Don't Get Hooked By Phishing

More and more consumers are being deluged with e-mails claiming to be from their bank, credit card company, eBay or others asking them to “update” their personal or financial information.

The problem is that your information goes directly to a criminal who then uses it to run up charges under your name or to open new accounts, potentially devastating your finances and credit scores. This new scam is known as phishing (search), and these scammers are trying to get consumers to take their sophisticated bait.

In the last few weeks, a number of states have taken important action to stop these phishing scams and other forms of cyber-crime. Recently, the governor of New Mexico signed legislation making phishing scams a 4th degree felony and making it easier for victims to sue the scam artists. The Washington State legislature just passed two bills that deal directly with the consumers’ ability to recover damages from individual phishers and spammers (search). Both of these are important acts and other states are looking at similar legislation.

More states need to start adopting laws like those of New Mexico and Washington, because it’s critical that we send a message to these criminals that their actions will not be taken lightly. Phishing scams have become the fastest growing form of cyber-crime. According to the Anti-Phishing Working Group (search), an online fraud watchdog, the number of phishing attacks has grown an average of 26 percent per month from July of 2004 to February of 2005.

If these numbers aren’t bad enough, news reports say that these smart phishers are now luring teenagers though one of their favorite mediums – Instant Messaging. Often, these messages are crafted to appear to come from their buddies online, a familiar source, and the teens unknowingly click on a bogus web address and enter their personal information. For these young adults, their credit could be ruined before they even get started in life.

Although computer users can take steps to protect themselves, governments need to start taking definitive action in the fight against spammers, hackers, and identity thieves. So what can be done to combat these online thieves?

While the actions in these states are a good start, we need to see continued action at the state and federal level to punish the criminals involved in these crimes.

Earlier this year, the US Attorney General demanded strict sentencing for Jeffrey Parsons, infamous creator of the Blaster-B worm (search) who was arrested in August 2004. Just this month, Florida Attorney General Crist filed the first lawsuits against spammers under the new Florida Electronic Mail Communications Act (search).

In January, the Texas Attorney General filed the first lawsuit against destructive spammers under the CAN-SPAM (search) federal law. It’s critical that scam artists understand we will take their crimes seriously and they will pay the price.

Along with government officials, the technology industry and consumer groups have recognized that phishing scams are a growing problem and are taking action to battle the spammers. Earlier this month, the Federal Trade Commission, Microsoft, and the National Consumer’s League came together to educate consumers about phishing scams -- how to recognize phishing and how to avoid becoming a victim. The announcement also included the news that Microsoft has filed 117 lawsuits against alleged phishers, an important step in foiling the destructive actions of possible spammers and hackers.

Fortunately, these actions are only the latest indication that the industry is helping consumers tackle this growing crime. Companies like eBay, PayPal, Microsoft and Visa have created a Phishing Reporting Network (search) to help consumers report phishing scams. Symantec, Corillian, NameProtect and other companies have created an Anti-Fraud Alliance to help combat phishing scams.

By offering new tools to consumers (like sophisticated spam filters), forming industry partnerships and working with law enforcement officials, the tech industry has taken a leadership role on phishing and other forms of cyber-crime. The industry continues to use the latest technology to help consumers filter out phishing emails and other forms of spam. Through product innovation and industry cooperation, the marketplace continues to offer solutions.

Consumers can also play an important role in protecting themselves. Most importantly, consumers should be wary of any email asking them to provide personal or financial information -- period. Don’t respond to unsolicited emails that ask you to verify account information -- contact the bank or company on your own and verify that it is legitimate. Companies will generally not send you an email asking you to update your credit card number or account info. Also, never send personal or financial information in an email as it is not a secure method of transmitting such sensitive items -- look for a secure Website.

If you receive spam that is suspicious and may be a phishing scam, the Federal Trade Commission has set up an email address to forward the email: However, if you think that you have been a victim of phishing or if your identity may have been compromised, you can file a complaint at the FTC’s website at

Of course, consumers should always keep their virus software and firewalls turned on and updated; use passwords and change them regularly; and never open suspicious attachments.

Through continued industry cooperation, government actions, and consumer awareness, we can make a big difference in the battle against phishing. Let’s make sure we consumers don’t get hooked into these devastating scams by phishermen.

Jim Prendergast is executive director of Americans for Technology Leadership.