| Phishing scams hijack big-name brands and use customers' trust in those brands to convince people to
divulge personal financial information such as usernames, passwords, Social Security numbers, and credit
card numbers. Phishing is estimated to have increased at a rate of 52 percent per month in the first
half of 2004. Phishing has been around for a while. Similar early scams, such as the Nigerian letter
that offered millions in return for your bank account number, were laughable. But newer schemes have
become much more sophisticated. And with the continuing growth of
e-commerce activities and online Internet sales, it's becoming increasingly difficult to differentiate
between phishing and real communications from companies that you regularly do business with, such as
eBay, PayPal, and Amazon. By some estimates, as many as 5 percent of recipients respond to these scams.
Most phishing scams mimic financial, retail, or ISP businesses. Unsurprisingly, 92 percent of these
messages use a spoofed email address, and the average lifespan of a phish Web site is 2.25 days. Some
obvious tip-offs that a message is a phishing scam include receiving multiple copies of a message and
messages that contain misspellings, incorrect punctuation, and random text. For more information about
phishing and copies of actual phishing scams, go to http://www.antiphishing.org. This
month, I list the 10 most common phishing attacks. If any of these appear in your inbox, don't be
fooled. 10 Westpac—Masquerading as the well-known online banking
institution, this phishing scam's messages contain the subject Security Server Update and attempt
to snatch your Westpac logon information using an authentic-looking but false Web site, http://www.westpac.com/index.html.
9 Halifax—The Halifax scam is suspected to be of Russian origin.
Halifax is a UK banking institution, and the scam presents a URL that takes the user to what appears to
be a real Halifax Web site. 8 AOL—One of the first scams to be
distributed via AOL Instant Messenger, this phishing scam has the subject Confirm AOL billing info.
The hook that tries to convince you to pony up your AOL username and password is the warning that your
payments to AOL can't be processed until you update your billing information. 7
Barclays—Barclays Bank is another UK financial institution besieged by phishing attacks in
2004. In a variation of the Halifax scheme, a link takes users to a fake Web site.
6 Lloyd's—The Lloyd's of London scam, copies of which target several
other financial institutions, presents a real-looking image to the well-known financial institution and
a link to input your account information. The message subject typically contains scrambled text to
confuse spam filters. 5 Fleet—In an attempt to entice you to enter
your account logon information, the Fleet Bank scam sends a message with the subject New Security
Standards for Customers, telling you that Fleet Bank is upgrading its security policies and needs
you to provide new security verification data. 4 PayPal—For the
millions of PayPal users, this phishing scheme can be compelling. The subject line is PayPal account
Limited, and the message claims that your PayPal account has been accessed by an unauthorized third
party and asks you to verify your account information. 3 US Bank—With
the ironic subject line US Bank Fraud Verification Process, this phishing scam pretends to warn
you that your U.S. Bank account has been accessed without authorization (no doubt wishful thinking by
the phishers). 2 eBay—You know you've seen this one. The message
subject is Verify your Account, and the message body has an official-looking eBay logo and an
embedded HTML form that asks for your eBay user ID and password. 1
CitiBank—For some reason, CitiBank is the most popular phishing target, and several CitiBank-related
phishing scams are circulating. One of the most common has the subject line Maintenance upgrade
and provides a link to a form that attempts to capture your credit card number. |
