A customer receives an e-mail that looks like it’s from his or her bank, requesting “immediate action” to keep an online account from being suspended. It appears legit and doesn’t look much different from other e-mails the bank has sent. Busy and worried that the account really will be suspended tomorrow if no reply is sent, the customer follows the Web link and provides personal information.
Within hours, hundreds of dollars at a time are being withdrawn from the account at ATMs around the world.
The scam, known as “phishing,” bilks consumers out of an estimated $2 billion every year. Industry experts warn area customers to be on guard against the scam, which is becoming more sophisticated and preying on people in mid-market areas such as Boone County. A rash of phishing has recently hit Columbia.
Phishing scams, 90 percent of which involve false claims of representing financial institutions or credit card companies, begin when someone either buys a marketing list or steals one after finding a weak link in a network’s security system. Once a contact list is obtained, the phisher creates, buys or otherwise acquires e-mail and Web site templates. E-mails are sent, directing people to “spoofed” Web sites where they provide personal information. The phishers use the information to create ATM cards that can be used almost anywhere.
Sites such as eBay and PayPal also have had problems with phishers targeting customers.
According to the Anti-Phishing Work Group’s Web site, Anti-Phishing.org, the number of reported phishing incidents increased 88 percent between November 2004 and November 2005, the latest month for which data are available. Almost 40 percent of reported attacks in November occurred in the U.S. and China.
Though most sites are in the U.S., their increasing number makes catching the crooks difficult. Confusing the matter further, most of the sites appear on servers without the knowledge of those hosting them.
California is the first and only state to pass a law that makes phishing criminal. Though there are no Missouri laws that address phishing, criminals caught in the U.S. can be prosecuted under existing fraud laws. Sen. Patrick Leahy, D-Vermont, introduced an anti-phishing act to Congress in 2004, but it failed to reach the floor for a vote. The bill has been re-introduced for the new session.
Supporters hope the law will “give law enforcement an additional tool that would allow courts to specifically target phishing schemes in a more direct way,” Leahy spokesman David Carle said.
But Dan Westhues, vice president of retail deliveries at Central Bank in Jefferson City, said that laws can only go so far in protecting consumers and that the ultimate responsibility lies with them.
Westhues said the number of reported successful attacks pales in comparison to the total number of phishing e-mails sent. The vast majority of those who receive the e-mails delete them without responding. Victims of the scam, however, can find themselves dealing with the repercussions for years. Not only do phishers get access to banking information, they can also gain access to Social Security numbers, which can lead to identity theft.
“We can usually shut the sites down in a little over an hour, but they create new ones almost as fast,” Westhues said. The technical team assigned to investigate and combat phishing scams for Central Bank, which Westhues said has a 34 percent market share of Jefferson City’s bank industry and is the biggest player in the Mid-Missouri banking industry, shut down 60 such sites in the first two weeks of the recent outbreak of phishing e-mails.
Attempts to reach representatives of several Columbia banks were unsuccessful.
Phishing actually predates the computer age when con artists used random faxes or phone calls to troll for trusting victims. Though it isn’t a new problem for large banks such as Bank of America, it has become more prevalent in smaller markets, such as Boone County. Larger banks have the security, personnel and experience to fight phishing more quickly and preemptively than smaller banks. Customers tend to be more trusting of local institutions as well, Westhues said. That creates a perfect environment for more thieves.