In the last six months, the number of phishing email scams has increased 1,200 percent, putting end users and major companies at an even greater risk, according to a report from MessageLabs Inc., a managed email security firm based in New York.
MessageLabs reports that last September its analysts had only seen 279 phishing emails. But that number had risen nearly 800-fold to 215,643. Phishing emails peaked in January with 337,050.
"It's a very dangerous trend," says Paul Wood, chief information analyst at MessageLabs. "It's preying on people's vulnerabilities. They're being conned into downloading viruses or giving away their financial information... Some people are having a lot of money siphoned from their bank accounts."
Spammers send out millions of emails claiming to be from legitimate organizations, such as major U.S. banks or credit card companies. The spammers even fake the sender's address so the message appears to come from the company they're posing as. The email often says there is a problem with the recipient's account and that it has been shut down. To reinstate the account, or deal with whatever fictional problem the email refers to, the user is instructed to click on a link that takes them to a phony Web site.
The users are then led to what is often a perfect replica of the Web site of the company the spammer is impersonating. At this point, the victim is asked to 'update' personal security information, passwords, Social Security numbers, addresses and bank account information. The information is then used to siphon money out of the victim's bank account or to make financial transactions with the victim's money.
"In just six months, the number of phishing emails seen by MessageLabs has increased exponentially -- evidence that the number of individual scams has also risen dramatically," says Mark Sunner, chief technology officer at MessageLabs. "For targeted organizations, the impact can be high, including lost productivity, customer confusion and complaints, damage to the brand and legal implications. For individual users, the financial losses can be excessive. If allowed to continue unchecked, online phishing scams threaten to undermine confidence in e-commerce as a whole."
According to MessageLabs, in the United States, Citibank, eBay, PayPal, Wachovia, Visa and Bank of America are on the list of major banks and online transaction companies that have been targeted. In the United Kingdom, the perpetrators have gone after customers of Barclays, NatWest and Lloyds TSB, among others.
The financial damage caused by online identity theft is not only mounting, it's exploding at a growth rate of about 300 percent a year, according to a 2003 study by the Aberdeen Group, a Boston-based industry analyst firm.
Financial loss from identity theft is expected to reach $73.8 billion in the United States by the end of this year -- $221.2 billion worldwide, report Aberdeen analysts. The current trajectory -- based on a 300 percent compound annual growth rate -- has the figures reaching $2 trillion by the end of 2005.
The virulent Mimail family of worms is in on the scam.
Mimail-I and Mimail-J both carried out a phishing scam. Both try to induce users of PayPal, owned by eBay, to enter their credit card information into a pop-up window. The victim has to click on an attached program to activate the virus. Mimail-J also asks for a Social Security number and mother's maiden name, two key pieces of data essential for identity theft.