Online 'Phishing'

Computer security is in the spotlight at the world's biggest IT fair, the CeBIT, with software companies touting the latest defenses against ever more devious tricks in Internet fraud. Firms gathered at the event in this northern German city said a technique known as "phishing" -- from the words password and fishing -- was among the most insidious scams operating on the Web. The practice involves e-mails sent to clients from sites imitating the bank sites that asked for personal passwords, security codes as well as bank and credit card numbers. When unsuspecting users click on the links provided, they end up giving away the most sensitive of information to thieves. Often the targets are not even clients of the financial institutions in question but a mass "phishing" expedition can bring in a healthy haul even if only a small percentage falls for the trick. The world leader in Internet security systems, Symantec, said that 33 million "phishing" mails had been sent in the course of just one week, versus nine million six months earlier. "It's a very easy fraud scheme to launch that is not very expensive and can be very lucrative," said Olaf Lindner, director of security services for central and eastern Europe. In that six-month period, Symantec recorded 10,310 different kinds of phishing schemes, Lindner added. The company has developed a personal firewall to help protect clients against such malicious e-mails. Experts also have a number of tips for consumers. Never click on a link in a mail but rather type out the address in the URL field. If the mail appears to be from a bank, check to make sure the address begins with "https" and there is a small padlock in the navigator window at the bottom right of the screen indicating a secure site. Russian Internet security firm Kaspersky said the industry was still playing catch-up in the fight against phishing. "These are organized groups trying to make money," anti-virus expert Eugene Kaspersky said. In 2004, phishing cost Internet users three million euros (four million dollars), according to Kaspersky. A study published in January by the Anti-Phishing Working Group based in Cambridge, Massachusetts found 2,560 phishing Web sites. They masked themselves as 64 different companies, up from 46 in October 2004, and 80 percent of them were trying to pose as a bank or other financial institution. Most of the sites were based in the United States (32 percent), followed by China and Taiwan (13 percent), and South Korea (10 percent).