Taking the Bait On a Phish Scam
Saturday, February 10, 2007
The online news site USA Voice isn't going to win any kudos from media critics. Not for its top story Monday, "Super Bowl Ads Don't Live Up to the Hype." And not for its Fox News-style slogan, "USA Voice: Honest and Unfiltered."
As a phishing scheme, however, privacy experts say it's a winner.
The Web site for the "world's fastest growing news organization" looked good enough to fool Katherine Brinton, an aspiring journalist in Philadelphia. After posting her résumé on Monster.com nine months ago, the 23-year-old received an e-mail from USA Voice in November that said it was looking for reporters with "excellent writing skills" and an "innate ability to find the truth."
Brinton filled out an online application with her name, address and telephone number. But instead of job offers, she began receiving a stream of unsolicited e-mails hawking Viagra, payday loans and penny stocks.
"I felt like I was being scammed," she said.
Brinton fell victim to a sophisticated phishing scam, which, in recent months, targeted thousands of job seekers on such popular Web sites as Monster.com and CareerBuilder.com. Phishers send out seemingly legitimate e-mail in an attempt to get people to reply with personal information, which is then used in a variety of scams.
Since June, the Better Business Bureau serving Metro Washington has logged more than 8,000 inquiries about USA Voice and a related entity, Instant Human Resources. USA Voice lists a downtown Washington address; Instant Human Resources lists an address in Rockville. Both locations turned out to be a service that forwards mail for other businesses. Instant Human Resources' parent company, Internet Solutions, says it is based in Orlando.
The Better Business Bureau has received 20 complaints about the three companies, and all share similarities. USA Voice, Instant Human Resources and Internet Solutions advertised such positions as "gossip reporter," "IT assistant" and "quality control administrator" on employment sites such as Monster, CareerBuilder and Yahoo HotJobs, and contacted people who had posted résumés there. But after being enticed to give up personal information, job seekers never heard from the companies again and instead began getting inundated with spam.
"These firms purport to provide employment opportunities. Consumers allege that the only thing they have received is bulk unsolicited e-mail. Based on this, it would appear that the given companies are . . . a scheme to amass and sell personal contact information," said Edward J. Johnson III, chief executive of the Better Business Bureau of Washington.
None of the companies responded to Better Business Bureau inquiries. They also did not respond to a reporter's e-mails or to notes left in their Washington-area mailboxes.
In 2006, about 109 million U.S. adults received phishing e-mails, up from 57 million in 2004, according to research firm Gartner, of Stamford, Conn. About one in six phishing e-mails are opened -- a better rate than for e-mails from legitimate businesses, said Jeff Wilbur, vice president of marketing for e-mail security firm Iconix.
The majority of phishing e-mails claim to be from financial institutions, but phishers have also switched to mimicking dating, social networking and other kinds of online services. In those cases, victims might let their guard down because they are not giving out financial information, Wilbur said. But such attacks can leave them just as vulnerable to identity theft.