"Phishing" scams -- those phony e-mail messages demanding that recipients verify their financial data by clicking a link to log into a fake version of their bank or credit card issuer's site -- are not only not going away, they're giving rise to an entire industry of related enterprises that aim to ease the job.
A variety of relatively simple programs let beginners send out their own phishing messages; multiple entities compete to host the fake pages that phishing recipients are lured to; and perpetrators resell their ill-gotten gains through a variety of online markets -- sometimes falling prey to fraud themselves in the process.
There's even a slang term for the whole process of harvesting credit card data via phishing, then converting it into cash: "carding."
The number of online financial scams grew dramatically in fall 2004, according to the Anti-Phishing Working Group and other security experts.
The group -- a coalition of banks and technology companies -- identified 8,459 new phishing messages in November, nearly four times the number reported in August. The group tracked 1,518 phishing Web sites in November, a 29 percent increase from October.
Much of the planning for and profiteering from phishing scams takes place on obscure Web sites and anonymous Internet chat channels.
Few of them can be easily tracked, let alone shut down, as most of these e-mails, chats and Web sites are now hosted and relayed through ordinary Windows computers that have been infected by worms, spyware or viruses that allow them to be orchestrated by remote control. It's possible for the e-mail that fools a phishing victim to be sent via his own computer before it lands in his inbox.
Major credit card companies monitor known fraud sites for phishing activity, but experts say that in many cases thieves have stolen as much as they can by the time a credit card gets posted online.
Last fall, in an undercover investigation dubbed Operation Firewall, the U.S. Secret Service and international authorities infiltrated and shut down some of the most popular carder Web sites, arresting more than three dozen suspects.
Since then, however, a number of new carder Web sites have sprung up to fill the void, driven by continuing high demand, said Sergio Pinon, senior vice president of global security for MasterCard International Inc.