Bottom Phishing

For almost two years, Zachary Keith Hill collected dozens of credit card and bank account numbers, which he milked for more than $47,000. After a joint investigation by the Department of Justice and the Federal Trade Commission, Hill agreed this spring to plead guilty to the phishing scam in which he sent e-mails to AOL customers purporting to be from an "AOL Billing Specialist." The messages directed customers to a realistic Web site where unwary visitors were asked for credit card, bank account, and password information. Hill is now awaiting sentencing, which could include as much as 15 years of jail time.

Phishing scams continue to increase. According to the Anti-Phishing Working Group, more than 1,100 unique phishing attacks were reported in April, most of them directed against financial institutions. More than one third were directed against Citibank.

The U.S. Treasury Department's Financial and Banking Information Infrastructure Committee and the Financial Services Sector Coordinating Council have compiled a group of measures that help prevent, detect, and respond to phishing attacks. These include keeping Web-site certificates up to date, thus making it easier for consumers to check the legitimacy of a Web site, and registering domain names similar to the firm's, so that consumers who misspell a Web address are not taken to identical phishing sites trawling for unsuspecting victims.

@ Lessons Learned by Consumers, Financial Sector Firms, and Government Agencies during the Recent Rise of Phishing Attacks and statistics from the Anti-Phishing Working Group are at SM Online.