Phishing – the criminal practice of fraudulently acquiring sensitive information online such as passwords, credit card info, social security numbers, etc. – caused some 3.6 million people to suffer $3.2 billion in damages in 2007. Today, the FBI announced they have charged 100 people in connection with a phishing ring which spanned the Atlantic. Arrests were made in Los Angeles and Egypt.
However, the real story here is not the arrests. What’s more interesting is that the FBI appears to be losing ground in its uphill battle to curb online crime . As Chet Wisniewski, senior security advisor at Sophos, a Web security firm noted in the New York Times coverage, “I would imagine there are many different groups doing similar things….you squash one bug and another one emerges.” Gartner reported earlier this year more than 5 million consumers lost money to phishing attacks in the 12 months ending in September 2008 – a 40% increase from the previous year.
To be sure, it’s hard to blame the FBI. It’s a large bureaucracy with a broad purview and limited resources. Online fraudsters and phishers are clever, nimble, plentiful, and preponderant. What’s needed here in a new solution that taps the real-time web (real-time phishing reports?) and social media (automated phishing news alerts on social networks for at-risk individuals?). Sitejabber has a small area dedicated to reviewing phishing scams associated with websites, but we too could do much more to help (all suggestions are welcome: Jeremy at Sitejabber dot com).
Additional phishing resources can be found at Onguard.gov and through the FTC.