In light of a recent survey, school technology leaders may want to make sure they educate their computer users–especially college students, who might be experiencing the economic freedom of credit-card ownership for the first time–about the dangers of “phishing,” “pharming,” and other web-based identity theft scams.
Last month, Denver-based First Data Corp., one of the country’s largest electronic financial transaction companies, released survey results showing 43 percent of adults have received a phishing contact. Five percent of those adults gave up personal information.
The telephone survey of 2,000 people was conducted by Synovate and had a sampling error margin of 2.2 percentage points.
Rebecca Tennille was one of the unlucky 5 percent. Though she considered herself a savvy consumer, when she got an eMail message that looked like it was from her bank, she followed its instructions to go to a web site to verify some personal information.
“It struck me for about two seconds that I should do a little research, but I’ve got a toddler and I had so much to do,” said Tennille, of Birmingham, Ala. “I figured, ‘I’ll just do this and cross it off my list.'”
It was a $6,000 mistake.
The eMail message, complete with logos of her bank, was an attempt at identity theft known as “phishing.” Scammers typically pose as banks, credit card companies, or other institutions to lure victims into giving up sensitive details like passwords or account numbers.
Tennille’s eMail message said her bank had noticed unusual activity in her account and asked her to enter personal data on a web site doctored to look like one from Regions Bank. In reality, the site was set up by crooks who used Tennille’s data to run up dozens of charges in Spain totaling about $6,000.
“After it happens, you just think, ‘I’m so much smarter than that,'” Tennille said. Tennille realized she’d been scammed after her debit card was declined while buying medicine for her daughter. By then Regions Bank had already canceled her card after noticing unusual charges. Regions helped Tennille recover her losses.
William Askew, Regions Financial Corp.’s executive vice president of consumer and business banking, wouldn’t disclose how much phishing costs his company. But a report last year by Gartner Inc., an information technology market research firm, estimated that victims of phishing and other scams cost U.S. banks and credit card issuers about $1.2 billion in 2003.
Meanwhile, cyber-criminals are getting more sophisticated, with new threats popping up such as “pharming,” in which users trying to access legitimate web sites are redirected to fakes set up with addresses that appear similar.
“We used to have cash. One protected very carefully [his or her] cash. If you lose your cash, you lose your cash,” said Raf Sorrentino, head of enterprise risk and fraud solutions at First Data. “Your personal information, if you leave that open, it’s very similar.” The Federal Trade Commission advises that sending financial and personal details via eMail is never a good idea, and legitimate companies don’t ask for those details in an eMail message.
Rather than clicking on the links in eMail messages, retype them into your browser, security experts say. If you suspect an eMail message is a phony, call the institution that supposedly sent it to check.
Regions and First Data are working to make consumers aware of phishing, pharming, and other scams.
“If as an industry we don’t communicate well and customers don’t know, enough people are going to be affected that they’re going to lose confidence in the industry itself,” Askew said.
Tennille has since received another phishing message, which she reported to Regions Financial Corp. investigators.
“I was so high-strung from the whole experience,” Tennille said. “You live and you learn.”
See these related links:
Anti-Phishing Working Group
Federal Trade Commission alert