Computer Crime Research Center


Ex-U.S. Cyber Security Chief Sees Curb on Phishing

Date: December 10, 2004
Source: Washington Post
By: Lisa Baertlein

A former White House Web security chief predicted on Wednesday that technology companies and law enforcers could soon stamp out most Internet "phishing" scams that aim to trick people into giving away personal and financial information.

"I firmly believe that at this time next year we will be able to say that phishing used to be a problem," said Howard Schmidt, who was special adviser for cyberspace security during the first term of President Bush.

Separately on Wednesday, Internet companies such as EarthLink, Microsoft, AOL and VeriSign Inc. said they had joined with the Federal Bureau of Investigation, the Federal Trade Commission, the U.S. Secret Service and the U.S. Postal Inspection Service to form Digital PhishNet to speed arrests and convictions against phishers.

Schmidt, whose other posts have included stints as security chief at Microsoft Corp. and at eBay Inc. , said anti-phishing efforts have started to make a dent.

Spam filters from companies like Yahoo Inc. , AOL and Microsoft have gotten better at netting the offending e-mails, which use a variety of come-ons to persuade recipients to click through to fake Web sites and reveal such things as social security numbers and bank account information.

Anti-virus software and personal firewalls can also keep phishing e-mails out of inboxes. At the same time, law enforcement officers are becoming better trained, he said.

Financial companies such as Citibank and eBay's online payment service PayPal are among the favorite targets of phishers, who pose as company representatives.

Phishing attacks, which surfaced early last year, are growing more sophisticated after being embraced as a favored scam of offshore organized crime rings.

Some of the latest phishing lures promise free $250 to $500 gift cards for use at Macy's, the Gap and Toys "R" Us in exchange for answering survey questions.

While it is agreed that the number of phishing attacks has exploded, phishing-related loss estimates vary wildly.

The TowerGroup recently said direct fraud losses attributable to phishing are expected to total $137 million globally in 2004. On the other hand, a survey conducted by technology research firm Gartner in April estimated that phishing victims lost $1.2 billion over 12 months.

"The truth is probably somewhere in between," said David Jevans, chairman of the Anti-Phishing Working Group, a consortium of banks, online retailers and other businesses formed earlier this year to fight the problem.

Jevans said most phishing losses result from fraudulent credit card use, with merchants taking the brunt of the financial hit. Phishers can also use bank account information to make electronic withdrawals, he said.

EarthLink Inc. , eBay and other companies have rolled out downloadable toolbars that alert users when they are on a potentially fraudulent, or "spoof," Web site.

GeoTrust, where Schmidt is a director, has an anti-fraud toolbar. The company's site also offers a verification service called TrustWatch, where users can type in a Web site's URL to check if the site in question is reputable.

"We're all working together to get the sites shut down as quickly as possible so they won't be around to collect your information," said Schmidt, who in his position on the Cyber Crime Advisory Board for the National White Collar Crime Center worked with the group that created Digital PhishNet.
Add comment  Email to a Friend

Discussion is closed - view comments archieve
2004-12-14 00:19:18 - I'll believe it when I see it. First of... questionmark
Total 1 comments
Copyright © 2001-2024 Computer Crime Research Center
CCRC logo