By Leslie Walker
Thursday, July 29, 2004; Page E01
Maybe it's time we all went to digital self-defense school. How else can we learn how to deflect the Internet thieves pounding on our electronic doors?
The pounding is getting louder, judging by recent reports of scammers trying to steal identities through counterfeit e-mails and bogus Web sites. Should the doors give way, I'm afraid we can kiss many legitimate Internet commerce sites goodbye, because they require a foundation of trust.
If you're like me, you're already getting a flood of fraudulent e-mails in your in-box, "phishing" for personal information. Phishing, in case you hadn't heard, is hacker-speak for electronic fishing. It means tricking people into typing user names, passwords, Social Security numbers and other personal data at bogus Web sites.
The bait typically arrives in a message claiming that someone has hacked your account -- your banking Web site, say -- and offering a link for you to log in and verify that you are really you. Sometimes fraudsters even put a fake form in the message, inviting you to type in personal data and click "submit" right there.
Phisher attacks are skyrocketing. They have the Internet and banking industries terribly worried -- though apparently not enough to fix the problem yet.
In May, research firm Gartner Inc. released a survey estimating that 57 million adults in the United States had received a "phishing" e-mail. Gartner estimated that nearly 11 million of those adults had clicked on a bogus phishing link, while 1.8 million had given out personal information.
On Capitol Hill last week, officials from the Federal Trade Commission and Commerce Department huddled with computer industry experts to discuss phishing. The FTC is planning a summit this fall focusing on authentication tools to thwart phishing attacks. Yesterday, the American Bankers Association held a private, two-hour webcast on phishing for its members, featuring computer experts and speakers from the Justice Department, including the FBI, and Treasury.
A big drive to identify and catch phishers will kick off next month, FBI Supervisory Special Agent Tricia Gibbs told the bankers. Dubbed Digital Phishnet, the program involves agents from the Justice Department, Secret Service, state and local police departments and private companies.
James Jones, chief scientist and director of technology company SAIC's Rapid Solutions Lab, showed bankers how phishers use hidden code to create official-looking e-mails and Web sites. He said phishers appear to be growing more selective in choosing targets. Rather than sending out millions of phony e-mails and hoping to hit a few customers of a particular bank, they appear to be culling customer lists and finding other ways to identify and target folks more likely to respond.
Meanwhile, companies whose customers are being targeted say each phishing attack is costly for them as well as their customers.