washingtonpost.com  > Technology > Tech Policy

Page 2 of 2  < Back  

A Brief History of Phishing

• After giving up personal and financial information on a phishing site, the victim is redirected to the real homepage of the company being targeted. Experts say this psychological trick helps erase doubts that victims may harbor about the veracity of the experience and allows more people to be swindled. This tactic is a standard feature of scams today.

• New scams impersonate the Department of Homeland Security, the Internal Revenue Service and the Federal Deposit Insurance Corporation.

_____Related Coverage_____
Catch the Phish: Take the Quiz
Companies Forced to Fight Phishing (washingtonpost.com, Nov 19, 2004)
Phishing Feeds Internet Black Markets (washingtonpost.com, Nov 18, 2004)
Phishing Schemes Scar Victims (washingtonpost.com, Nov 18, 2004)
How to Fend off Phishing (washingtonpost.com, Nov 18, 2004)
Complete Cybercrime Coverage
_____Live Discussion_____
Today, 11 a.m. ET: Brian Krebs hosts Dave Jevans, chairman of the Anti-Phishing Working Group.
Ask Questions NOW

_____Message Boards_____
Post Your Comments

February 2004:

• Several scams emerge that submit stolen username and password information to a real site to verify its authenticity. If the phished data fails to generate a successful login, the victim is prompted to enter a valid user name and password.

April 2004:

• Phishers devise a new way to dress up what is typically the weakest part of their scams: the dubious Internet addresses that appear in the victim's Web browser when he or she clicks on the link in a phishing e-mail. Novel programming tricks alter the appearance of the victim's address bar by replacing the URL of the phishing site with that of the company being impersonated.

June 2004:

• Phishers use information available to legitimate merchants to check whether stolen credit card numbers are valid for customers of the targeted bank or credit card company.

• Hundreds of public Web sites are infiltrated by a new virus capable of stealing passwords, credit card numbers and other personal information when someone visits an infected site. Once inside a victim's computer, the virus waits until that person visits banking sites, then launches a pop-up window that requests private account information.

• Research and analysis company Gartner Inc. reports that phishing scams cost businesses and consumers roughly $2.4 billion during the previous year. Gartner estimates that 57 million U.S. adults have received a phishing e-mail, and that 1.8 million of them handed over personal information.

July 2004:

• E-mail scammers send phishing messages via America Online's Instant Messenger (AIM) program.

August 2004:

• Phishers send e-mails impersonating the Web site of Massachusetts Sen. John F. Kerry's (D) presidential campaign, intending to skim online campaign contributions.

October 2004:

• Scammers open legitimate-looking fake online pharmacies, banks, and mortgage-and-loan firms to steal credit card numbers. Online security company Websense reports that these advanced scams now outnumber standard fly-by-night phishing sites.

--By Brian Krebs, washingtonpost.com Staff Writer

< Back  1 2

© 2004 TechNews.com