After giving up personal and financial information on a phishing site, the victim is redirected to the real homepage of the company being targeted. Experts say this psychological trick helps erase doubts that victims may harbor about the veracity of the experience and allows more people to be swindled. This tactic is a standard feature of scams today.
New scams impersonate the Department of Homeland Security, the Internal Revenue Service and the Federal Deposit Insurance Corporation.
Several scams emerge that submit stolen username and password information to a real site to verify that the credentials are genuine. If the phished data fails to generate a successful login, the victim is prompted to enter a valid username and password.
Phishers devise a new way to dress up what is typically the weakest part of their scams: the dubious Internet addresses that appear in the victim's Web browser when he or she clicks on the link in a phishing e-mail. Novel programming tricks alter the appearance of the victim's address bar by replacing the URL of the phishing site with that of the company being impersonated.
Phishers use information available to legitimate merchants to check whether stolen credit card numbers are valid for customers of the targeted bank or credit card company.
Hundreds of public Web sites are infiltrated by a new virus capable of stealing passwords, credit card numbers and other personal information when someone visits an infected site. Once inside a victim's computer, the virus waits until that person visits banking sites, then launches a pop-up window that requests private account information.
Research and analysis company Gartner Inc. reports that phishing scams cost businesses and consumers roughly $2.4 billion during the previous year. Gartner estimates that 57 million U.S. adults have received a phishing e-mail, and that 1.8 million of them handed over personal information.
E-mail scammers send phishing messages via America Online's Instant Messenger (AIM) program.
Phishers send e-mails impersonating the Web site of Massachusetts Sen. John F. Kerry's (D) presidential campaign, intending to skim online campaign contributions.
Scammers open legitimate-looking fake online pharmacies, banks, and mortgage-and-loan firms to steal credit card numbers. Online security company Websense reports that these advanced scams now outnumber standard fly-by-night phishing sites.
--By Brian Krebs, washingtonpost.com Staff Writer