Phishing scams hijack big-name brands and use customers' trust in those brands to convince people to divulge personal financial information such as usernames, passwords, Social Security numbers, and credit card numbers. Phishing is estimated to have increased at a rate of 52 percent per month in the first half of 2004.
Phishing has been around for a while. Similar early scams, such as the Nigerian letter that offered millions in return for your bank account number, were laughable. But newer schemes have become much more sophisticated. And with the continuing growth of
e-commerce activities and online Internet sales, it's becoming increasingly difficult to differentiate between phishing and real communications from companies that you regularly do business with, such as eBay, PayPal, and Amazon. By some estimates, as many as 5 percent of recipients respond to these scams.
Most phishing scams mimic financial, retail, or ISP businesses. Unsurprisingly, 92 percent of these messages use a spoofed email address, and the average lifespan of a phish Web site is 2.25 days. Some obvious tip-offs that a message is a phishing scam include receiving multiple copies of a message and messages that contain misspellings, incorrect punctuation, and random text. For more information about phishing and copies of actual phishing scams, go to http://www.antiphishing.org. This month, I list the 10 most common phishing attacks. If any of these appear in your inbox, don't be fooled.
10 Westpac—Masquerading as the well-known online banking institution, this phishing scam's messages contain the subject Security Server Update and attempt to snatch your Westpac logon information using an authentic-looking but false Web site, http://www.westpac.com/index.html.
9 Halifax—The Halifax scam is suspected to be of Russian origin. Halifax is a UK banking institution, and the scam presents a URL that takes the user to what appears to be a real Halifax Web site.
8 AOL—One of the first scams to be distributed via AOL Instant Messenger, this phishing scam has the subject Confirm AOL billing info. The hook that tries to convince you to pony up your AOL username and password is the warning that your payments to AOL can't be processed until you update your billing information.
7 Barclays—Barclays Bank is another UK financial institution besieged by phishing attacks in 2004. In a variation of the Halifax scheme, a link takes users to a fake Web site.
6 Lloyd's—The Lloyd's of London scam, copies of which target several other financial institutions, presents a real-looking image to the well-known financial institution and a link to input your account information. The message subject typically contains scrambled text to confuse spam filters.
5 Fleet—In an attempt to entice you to enter your account logon information, the Fleet Bank scam sends a message with the subject New Security Standards for Customers, telling you that Fleet Bank is upgrading its security policies and needs you to provide new security verification data.
4 PayPal—For the millions of PayPal users, this phishing scheme can be compelling. The subject line is PayPal account Limited, and the message claims that your PayPal account has been accessed by an unauthorized third party and asks you to verify your account information.
3 US Bank—With the ironic subject line US Bank Fraud Verification Process, this phishing scam pretends to warn you that your U.S. Bank account has been accessed without authorization (no doubt wishful thinking by the phishers).
2 eBay—You know you've seen this one. The message subject is Verify your Account, and the message body has an official-looking eBay logo and an embedded HTML form that asks for your eBay user ID and password.
1 CitiBank—For some reason, CitiBank is the most popular phishing target, and several CitiBank-related phishing scams are circulating. One of the most common has the subject line Maintenance upgrade and provides a link to a form that attempts to capture your credit card number.