Phishing for the Holidays

I received the following e-mail the other day: Dear valued Washington Mutual Bank client. It has come to our attention that your WAMU Billing Information records are out of date. Please take 5-10 minutes out of your online experience and update your billing records. Failure to update your records will result in account termination. I’m sure you’ve received dozens of similar ones. Too bad I don’t have an account with Washington Mutual, nor do I think there’s a Marry Kimmel in the firm’s billing department.

Nearly unknown a year ago, phishing scams have skyrocketed in frequency and are now considered a potential threat to the growth of online financial services. Using e-mail as a low-cost medium, criminals are phishing to trick people into revealing their bank account numbers, passwords and other confidential information. Phishing is being described as the fastest-growing white-collar crime in the United States.

A new report from TowerGroup puts phishing fraud at $137 million globally this year, though other groups have said it’s as high as $500 million. Whatever the amount, the concern is enough for 58 percent of respondents to a recent TrustE study to say identity theft, spyware and other privacy concerns may cause them to reduce their online holiday shopping. Also, the number of phishing sites reported to the Anti-Phishing Working Group has increased 28 percent each month since July.

TowerGroup expects the number of phishing attacks to nearly triple next year, from 31,000 to 86,000. Nearly all of the attacks target just a handful of companies. Trend watcher Marcus Sachs told the Washington Post last week: “I liken the problem of online crime to the ’20s and ’30s, when law enforcement was still trying to figure out who all the gangsters were. They’d have a few arrests here and there but mostly the mafia types were just running circles around them.” Let’s hope someone can round up the bad guys and run them out of town soon.

While most of the online population sees phishing attacks as a nuisance, there obviously are many people falling for the scheme every day. Even though I know eBay is a prime phishing target, I gullibly opened an e-mail sent to my AOL account two weeks ago saying my account had been suspended because of a lack of activity. I haven’t bought anything on eBay in nearly two years, and AOL’s spam filters usually stop all of these. A minute later as I began clicking through to eBay’s “official” site, it dawned on me that this may be fishy … and then felt pretty stupid about the whole thing.

Tad Clarke is editor in chief of DM News. To read his editorial every Monday subscribe to our free e-mail newsletter DM News daily by visiting //

Related Posts