If you use emails actively in your communication, you must have received various messages claiming to be from Ebay, Paypal and a number of banks. A recent email as if from U.S. Bank Corporation that I received contains subject "U.S. Bank Fraud Verification Process" and in body of mail it says "We recently reviewed your account, and suspect that your U.S. Bank Internet Banking account may have been accessed by an unauthorized third party. Protecting security of your account and of U.S. Bank network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features. To restore your account access, please take following steps to ensure that your account has not been compromised:". It continues with a link to a webpage, which looks very similar to original web page of bank.The misleading web site appears authentic with familiar graphics and logos. The wordings are professional right down to legal disclaimer at bottom of page.
If you happened to be holding an account of claimed bank, followed instructions of email and input your account, pin, password, etc. you are doomed. You just have handed over access to your account to a con artist, who, in a matter of days, will drain off all money available in that account.
This new scam, which is proliferating in a very rapid pace, is called "Phishing". Phishing is a form of identity theft, where a con artist with help of official looking email containing link to phony web pages capable of harvesting information, tricks an unsuspecting victim into divulging sensitive personal data. Scammers use these data to bilk victims out of their savings.
One of most common phishing campaigns being waged has targeted users of Web auction giant eBay and its PayPal division with financial services giant Citibank serving as another popular target. However, recently, every major bank has been hit with this scam. Crooks send out huge amounts of emails with an expectation that some of these email address owners may have online access to their accounts at bank.
The term "Phishing" is a deviation of word "Fishing". In hackers’ lexicon, in many words, "F" becomes "Ph". The term derives from fact that scammers use sophisticated bait as they "fish" for users’ personal information.
According to Gartner, a research firm, illegal access to checking accounts gained via phishing has become into fastest growing type of consumer theft in United States. Roughly 1.98 million people reported that their checking account was breached in one way or another during last year and US$ 2.4 billion were defrauded from victims!
Gartner also estimated that 57 million U.S. Internet users have received phishing emails and 3 percent of them may have fooled into revealing their personal sensitive information.
The Anti-Phishing Working Group has also spotted a dramatic increase in reports of phishing attacks in recent months. Since November, 2003 phishing scams increase by about 110 percent each month. In April alone, group identified 1125 unique phishing scams, a sharp lift of 178 percent from previous month.
MessageLabs, a company that watches phishing scams closely, has noted an even more dramatic increase in number of phishing emails. It claims to see phishing messages jump from just 279 in September, 2003 to a staggering 215,643 in March of 2004.