Danger! Phishing! Alert Your Accountholders
MessageLabs, a company that manages email security, reports a vast increase in phishing emails in the past six months. In September 2003, the company saw 279 phishing emails. By January 2004, the number had risen 1200 percent to 337,050. Meanwhile, the Anti-Phishing Working Group, an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing, reports more alarming figures. In April, attacks increased 180%, and reports show 15 of the top 20 targeted organizations are financial institutions.
Phishing is the practice of sending legitimate-looking email to Internet users that directs them to a site that looks like a real one, but is a fake. Victims are usually asked to go to the site to update personal information that is then used by the criminals to make online financial transactions.
The crime has occurred on every major English-speaking continent, and banks are a frequent target. Citibank was hit with 98 scams in March, and 475 in April - an average of almost 16 phishing attacks per day. USBank went from 4 in March to 62 in April. Recent investigations reveal that perpetrators have become more sophisticated, and that the crime is increasingly being carried out by gangs in Eastern Europe and Russia.
Tumbleweed Communications Corp. and the Anti-Phishing Working Group recently sent out an alert that reveals how sophisticated the attacks have become. The alert reports a scheme whereby criminals can replace the "address" bar at the top of a user's Web browser with a working fake that has a legitimate HTML address but takes the user to a fake site.
The way it works is this: a consumer receives a forged email that pretends to be from a bank. The email says the recipient must verify his or her email address by clicking on a link. The link opens the user's browser and replaces the real address bar with the fake one while taking the user to the fake site. The user thinks it's a real address not just because it looks the same as a legitimate site but because the address bar (which is now fake) has a legitimate address. The only two ways to tell the difference are:
1) There is no SSL security padlock in the lower corner of the browser.
2) When the user types a different URL into the address bar, the browser title does not change from the fake "welcome" message.
Cyota, a company that provides anti-fraud and security solutions for financial institutions, also reports that overall methods have become more sophisticated. The company said it has identified cases in which fraudsters launch attacks and host spoofed sites from multiple locations simultaneously. This method makes it much harder for banks and law enforcement to track down the location of the spoofed sites, thus increasing the chances of losses.
Internet provider Earthlink, which has its own campaign to hunt down phishers, agrees that the crime has evolved and moved. The company says over half of the cases it found over the past few years came from fraudsters under 18. More recently, both the emails and spoofed sites have become more legitimate-looking.
PHISHING FACTS
- 1 in 5 Americans were the target of phishing attacks during the last year.
- 57 million consumers have received phishing emails.
- Out of 4 million consumers who encountered fraud last year when opening a new online account, over 50% said they also received a phishing e-mail.
- Average number of phishing attacks per day reported in April, 2004 - 37.5
- Business sector most targeted by phishing attacks in April - Financial Services
- Organization most targeted by phishing attacks in April - Citibank (475 attacks)
Copyright © 2004 Bankers' Hotline. Originally appeared in Bankers' Hotline, Vol. 14, No. 2, 5/05