Web Sites Get Tough on Fraud

ByABC News
December 22, 2004, 11:27 AM

Dec. 23, 2004 — -- Last year if someone mentioned "phish" at a holiday party, the conversation that followed would have probably been about music, not a harrowing tale of online identity theft and consumer credit fraud.

Oh, what a difference a year makes.

An estimated 57 million online adults in the United States will have received "phishes" -- e-mails that pose as official missives from a bank or online store in order to trick readers into divulging personal financial information -- in the course of 2004.

Such fraudulent e-mails are expected to account for roughly $1.2 billion in losses -- a tiny drop of the estimated $60 billion in total losses due to all forms of identity theft. But it's also a figure that has caught the attention of online retailers and e-commerce sites. And it's spurring them to action.

Web retailers, banks and credit card issuers have been testing new technologies to combat online scams. But as security experts note, fighting phish and other forms of electronic fraud isn't just a simple matter of adding new technology. It's a matter of rebuilding trust with the online community.

"Part of the problem with phishing, from the corporate standpoint, is that the fraud is occurring away from the [official Web] site," said Mark Rasch, senior vice president and chief security counsel of Solutionary Inc., a managed security company in Omaha, Neb. "It's someone pretending to be you."

Early online con artists used e-mails disguised as official messages from Net giants such as eBay because they were easily recognized and trusted by Web surfers. Customers of the online auction site were used to seeing e-mails from the company touting changes to the site or reminders about their personal account status. And for scammers to create a bogus e-mail or Web site that duplicated the same "look and feel" as the originals is, say experts, practically child's play.

"It's almost a trivial matter," said Rasch. Web sites "transfer all the identifying information that says [this site is] Bank of America or Bank of New York to everyone that goes to those sites."