NCJ Number
211113
Date Published
2005
Length
2 pages
Annotation
This Australian report discusses the nature, methods, and countermeasures for "phishing," an online practice of speculative baiting of potential victims of identity theft by contacting them online and enticing them to reveal personal information that can be used in identity-theft fraud schemes.
Abstract
Australia's Anti-Phishing Working Group (APWG) has obtained data on the scale of e-mail phishing attacks for Australian Internet users. There were 13,141 new distinctive phishing e-mails identified in February 2005, a dramatic increase from the 107 phishing e-mails reported in December 2003. A total of 2,625 separate phishing sites (sites advertised by e-mails) were reported in February 2005. These sites sought information that can be used in identity theft for fraudulent schemes. These sites were maintained for short periods (average of 5.7 days). An example of a phishing strategy is to send spam e-mail that requires a person to "validate" their credit card or their Internet banking account login details. In other cases of phishing, perpetrators use sophisticated techniques to intercept encrypted passwords and capture victim information being transferred online. Another strategy is for phishers to impersonate a legitimate site with which the user may desire to do business, which in turn requires the divulging of personal information that can be used in financial frauds against the victim and other entities. A recommended countermeasure against phishing is to never respond to an e-mail that seeks to verify or confirm online authentication details, even when solicited by a company with which the user has had legitimate dealings in the past. Responding to what appears to be legitimate inquiries may divert the user to malicious sites that can load software onto the customer's computer that will subsequently reveal personal information being transmitted. 4 listings for further reading