FairWinds Partners, LLC

Direct Navigation

Volume 3, Issue 7 | September 19, 2008

Phishing

Phishing is defined as attacks using “both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials.” [21] By registering names bearing famous marks, phishers can send emails and run Web sites that appear to originate from the brand owner. This is particularly problematic for financial services companies. Cybersquatters use phishing schemes to lead consumers to spoofed company sites that request personal or financial information from visitors. Oftentimes consumers are prompted to visit these sites by emails claiming that users’ accounts have been breached or will be closed. These emails are intended to create panic so that consumers will readily provide their social security number, banking account numbers, credit card numbers or other privileged information such as passwords and personal identification numbers (PINs). Once phishers obtain this information, they are able to make purchases under the consumer’s name, steal the consumer’s identity and deplete his or her accounts.

The practice of phishing is very lucrative. According to a survey conducted by Gartner, Inc., the average phishing victim in the United States lost $866 in 2007, with total losses from phishing attacks soaring to $3.2 billion. [22] The financial impact is not limited to consumers. Brand owners suffer far greater damages as a result of phishing. They are saddled not only with the direct costs of the attack, but also with the costs of enforcement, detection and lost consumer confidence.

In terms of indirect consequences, a loss in consumer confidence weakens the foundation of the online retail industry. Internet retailers depend on consumer trust in order to conduct business. An online shopper must feel confident that the information he or she divulges online will be properly used. The increased usage and profitability of phishing damages the confidence that users have in the integrity of the Internet. Studies indicate that 30 percent of Internet users limit online transactions, and 24 percent limit online banking transactions. Not only do online retailers and financial institutions lose money directly through lost sales, but a decline in Internet business also forces companies to invest more money back into higher-cost stores and banks. Without consumer trust and support, companies are unable to fully utilize the low costs and high returns of Internet retail.

Trojans

Another common criminal activity associated with cybersquatting is the use of Trojans. The APWG defines phishing-based Trojans as crimeware code designed with the intent of collecting information on the end-user in order to steal that user’s credentials. [23] Phishing-based keyloggers have tracking components that attempt to monitor both specific actions and specific organizations such as financial institutions, online retailers and eCommerce merchants in order to get targeted information. The ultimate goal is to gain access to financial-based Web sites, eCommerce sites, and Web-based mail sites. [24] Unlike a phishing attack, which spoofs an email and asks users to reply with details or go to a spoofed Web site, a Trojan embeds itself on the machine and takes the information it wants as the user types it into the computer. Trojan programs are becoming increasingly prevalent as criminals concentrate their efforts on the Internet and send emails linked to malicious Web sites rather than infected mail.

 

[21] Anti-Phishing Working Group. Phishing Activity Trends Report, Combined Report for September and October, 2006. (2006).

[22] Gartner, Inc. "Gartner Survey Shows Phishing Attacks Escalated in 2007; More than $3 Billion Lost to These Attacks." Press release. 17 Dec. 2007. http://www.gartner.com.

[23] Anti-Phishing Working Group. Phishing Activity Trends Report, Combined Report for September and October, 2006. (2006).

[24] Anti-Phishing Working Group. Phishing Activity Trends Report, Combined Report for September and October, 2006. (2006).