Friday, April 2, 2004

Developing technology fights 'phishing' scams

By Anick Jesdanun
The Associated Press

NEW YORK - Mark Nichols runs an online gift shop and considers himself Internet savvy. He got duped by an e-mail scam anyhow.

A message saying it was from eBay Inc. asked Nichols to submit his password and other personal information to a Web site. The e-mail had arrived shortly after Nichols' credit card had expired, so he didn't suspect the site was phony.

"I was thinking, 'You're right, I do need to go update my account,' and sure enough, I fell for it," the Crosby, N.D., man said.

As these so-called phishing scams proliferate, companies are sharpening technological tools to counter them.

Anti-phishing software is apt to soon be added to the arsenal of digital shields forged to stop spam, viruses and hacking.

Scammers now copy and paste Web coding from real sites to give their fraudulent messages and the sites they lead to an aura of authenticity.

They register Internet addresses that look real, subbing the letter "l" with the numeral "1," for instance. A few messages even carry ads for that aura of authenticity.

"What used to be a game and a prank has now been recognized as something that can be lucrative and has attracted organized efforts," said Bill Harris, chairman of PassMark Security LLC and former chief executive of PayPal, a frequent phishing target.

The Anti-Phishing Working Group, formed in October by industry and law enforcement, identified 282 new phishing scams in February, up from 176 a month earlier. About 70 percent have been traced to eastern Europe or Asia, David Jevans, the group's chairman, said.

Jevans said no hard numbers are available on monetary losses from phishing, which represents only a sliver of overall fraud. The greater cost is in consumer confidence, he said: Banks might suffer if customers shun online banking and insist on using more expensive tellers.

In Nichols' case, he realized his error early enough, so he quickly changed his eBay password. But the scams can be costly.

To fight back, eBay in February added an Account Guard feature. A green light appears when users are on a site run by eBay or its PayPal subsidiary. The light goes red for known fraudulent sites. A warning also appears any time users try to enter their eBay or PayPal passwords elsewhere.

Dirty air cost area firms, jobs
Dow boots trio from stock index
Update of icon almost finished
Findlay Mkt. parade needs mascot
New day for Sunny Delight
Many jobless are leaving labor pool
Factory output has new strength
Magazine watched for signs of success
New trial for Stewart unlikely
Developing technology fights 'phishing' scams
Tristate business summary
Business digest
Business People