Tuesday, June 6, 2006

PULSE: Edward D. Murphy

Banks warn against lure of phishing

Copyright © 2006 Blethen Maine Newspapers Inc.

 

E-mail this story to a friend

 

 

Despite repeated warnings, people still get hooked by "phishing."

Now there's a renewed effort to get people to resist the temptation to respond to what looks like a legitimate inquiry from a bank, credit-card issuer or online auction site. The effort is led by a consortium of 21 Maine banks and a new organization that will be announced today.

The practice, in which Internet scammers phish for victims, has been around for years. And even though customers are told companies won't ever ask for private financial information in an e-mail, an astonishing 5 percent of those who receive e-mail inquiries actually send information that can be used to clean out bank accounts, run up unauthorized charges or take out fraudulent loans.

Sometimes an individual bears the cost, but banks, credit-card companies and retailers often end up with the lion's share of the losses, so it's in their interest to get consumers to avoid the scams.

"The banks in Maine work very hard to secure their internal systems, but this is external," said Sari Greene, director of the newly formed Maine Anti-Phishing Coalition. "No one's attacking their systems."

Greene, who owns Sage Data Security, an information security consulting firm, said it's easy to see how people are fooled by phishing scams.

"It used to be easy to spot, but it's not anymore," she said.

Greene said most of the phishing e-mails direct a computer user to a site that is indistinguishable from a legitimate Web page. Rather than trying to divine whether an e-mail is official, it's easier, she said, to simply ignore all requests for personal information as a matter of course.

"Don't even try to spot it," she said. "We look at it all day long and it's become so good and so sophisticated, it's hard to determine which is legitimate and which is not."

The scam is lucrative, Greene said, noting that most estimates put the cost at $5 billion a year for individuals and $47 billion a year for businesses.

Surprisingly, the age group most vulnerable to phishing isn't senior citizens or baby boomers - groups that only started using computers in their adulthood. It's young adults, 24 to 29, Greene said, who grew up with computers.

Their elders are a little less trusting of the technology, and Greene said their younger siblings have been warned more frequently about the perils of sharing personal information in the digital age.

"Their parents weren't warning them," Greene said of the young adults.

Also, since people in that age group are just starting out on their own, they're used to being bombarded with credit-card, loan and bank account offers, and often prefer to buy online, which means they may not think twice before sending account numbers over the Internet.

Greene said Mainers have some tools against becoming a phishing victim, most of which are explained on the group's site at nophishing.org. She noted one particularly useful tool is a state law giving a consumer the right to put a freeze on credit files, to prevent scammers from opening an account in the consumer's name. Credit reporting agencies can charge a fee, but the freeze is free for those who have been victims of identity theft in the past.

Staff Writer Edward D. Murphy can be contacted at 791-6465 or at:

emurphy@pressherald.com


To top of page