NCJ Number
211941
Date Published
2004
Length
2 pages
Annotation
This article defines Internet-related scams called "phishing," estimates their prevalence and impact, and suggests some countermeasures.
Abstract
In a typical phishing scam, the perpetrator copies the Internet Web page code from a well-known site of a legitimate entity, such as a company, bank, or government agency, and then uses it to set up a replica page. Spamming techniques are then used to send a million or more e-mails with a single click. The e-mails advise Internet users that their billing information needs to be confirmed or updated because of a technical or security problem and direct them to click on a hyperlink to reach the official corporate or institutional Web site; however, the link sends them to the scammer's look-alike page. Once there, the user is asked to provide personal and financial information that can be used by the scammer to make charges in the user's name, empty bank accounts, apply for loans or new credit cards, and commit many other types of crimes that use identity theft. Researchers have reported that millions of Internet users in the United States have received some sort of e-mail linked to a phishing scam, and the number is on the rise, with resulting annual losses projected at $2 billion. Recipients of e-mails with the typical signs of a phishing scam should not click on the hyperlink or send a hard copy in reporting the incident; rather, they should forward the e-mail as an attachment to an appropriate resource. In tracing a bogus e-mail, investigators should check the code beneath the headers to determine its source.