Mellody Hobson: Go Phish

Jan. 11, 2004 — -- Unfortunately, along with the outpouring of financial support for the tsunami victims in Southeast Asia, there has been an increase in the computer scam known as "phishing." Also called spoofing, phishing is one of the latest threats to the security of your personal information. So-called "phishers" send fake e-mails to consumers, posing as financial institutions, Internet service providers, online bill payment vendors, retailers and even charities, such as the American Red Cross.

A typical phishing scam occurs when an unsuspecting recipient receives an e-mail directing them to a phony Web site where they are asked to verify or update their account information by re-entering pertinent information, such as their Social Security number, credit card number, account username or password. This information is then stolen by scammers and often results in credit card fraud and identity theft, not to mention millions of dollars in losses. In fact, in the past two years, consumers have lost anywhere from $150 million to $500 million from phishing-related activities.

The term "phishing" is an analogy for criminals who "fish" around for people's personal information, using fake e-mails as the bait. "Ph" commonly replaces the letter "f" in hacker language and reflects the original type of telephone hacking called "phreaking" which occurred in the 1970s. Phishing first appeared in 1996 when Internet scammers began stealing people's AOL passwords to use their accounts. Since then, it has developed into a much larger phenomenon, with phishers posing as representatives from a wide range of industries and organizations. A prominent example of the scam occurred during the 2003 holiday season when Visa was a major target.

A June 2004 study by the Gartner Group approximated that 57 million consumers in the United States received a phishing e-mail in the previous 12 months, and the 11 million who responded to these e-mails became victims of identity theft. Unfortunately, with the increasing prevalence of phishing, this number is bound to rise. According to the Anti-Phishing Working Group, there were 8,459 new phishing e-mail messages in November 2004 alone, representing an increase of 34 percent since July 2004. Worldwide, the United States has been the most affected by this scam, hosting 27 percent of the phishing Web sites. However, the number of phishing sites in China has grown significantly in recent months, with the country hosting 21 percent of all sites. While many industries are targeted, the financial services sector has been most affected, representing 75 percent of hijacked brands in November.