Stinkysteve
07-16-2004, 07:38 PM
Please be careful to what information you give over the internet! ! ! ! Know who you are dealing with! Any company you have a relationship with will not ask for critical information in an e-mail.
Story here:
http://www.internetweek.com/breakingNews/showArticle.jhtml?articleID=23901052
Phishers Face More Jail Time
By TechWeb News
President Bush on Thursday signed into law a bill that stiffens criminal penalties for identity thieves, including those who purloin information electronically using phishing attacks.
Known as the Identity Theft Penalty Enhancement Act (ITPEA), the new law sets punishment guidelines for anyone who obtains or holds someone else's ID-related information with the intent to commit a crime.
"The bill sends a clear message that a person who violates another's financial privacy will be punished," said Bush before signing the bill. "When a person takes out an insurance policy, or makes an online purchase, or opens a savings account, he or she must have confidence that personal financial information will be protected and treated with care."
The ITPEA's goal is to make sure that identity thieves don't walk away unpunished. It adds an extra two or five years, depending on the severity of the crime, to sentences, with the additional years served without the possibility of parole.
In an online Q & A session Thursday, Deputy Attorney General James Comey noted that those arrested and convicted of phishing -- the practice of tricking users into visiting bogus Web sites, then getting them to reveal confidential financial data like credit card and bank account numbers -- would be among those facing longer prison stays.
"If the phisher uses the information to commit mail fraud, for example, that phisher will get an extra two years in jail because he used stolen identity info," said Comey.
Although online identity theft still makes up a small slice of over ID fraud, the rapid rise of phishing has caught Internet users and companies of all colors unprepared. Worse, the number of phishing attacks continue to rise.
Thursday, for instance, U.K.-based security firm MessageLabs said that phishing e-mails increased 20 percent in during May over April. Since September, 2003, when MessageLabs first began tracking phishing attacks, the scams have jumped nearly 900 fold.
"In just ten months the number of phishing e-mails has increased exponentially -- evidence that the number of individual scams has also risen dramatically," Mark Sunner, MessageLabs' chief technology officer said in a statement. "If allowed to continue unchecked, online phishing scams threaten to undermine confidence in e-commerce as a whole."
Related story:
http://www.internetweek.com/security02/showArticle.jhtml?articleID=22102528
Sender Authentication Seen As Key To End Phishing
By TechWeb News
Putting a stop to phishing attacks will require some sort of e-mail sender authentication scheme, the Anti-Phishing Working Group said Monday as it announced that 95 percent of all fraudulent e-mail scams use spoofed, or forged, "From" addresses.
May's account of phishing -- the group puts out monthly reports -- showed only a six percent increase in the number of unique attacks. The results would have been worse, said the Anti-Phishing Working Group (APWG) if not for the Memorial Day holiday weekend, which saw a significant dip of reported scams.
The average number of phishing attacks per day was also up slightly over April, the APWG reported.
But with an overwhelming majority of phishing attacks relying on spoofed sender addresses, there's little chance of beating these scams until authentication is widely adopted, said Dave Jevans, chairman of the APWG.
"The Achilles heel of phishing is the reliance on forged 'From' addresses to hide the sender's identity," said Jevans in a statement. "Once ISPs start to verify the source of messages, a lot of the bad things in e-mail, including phishing, will be greatly reduced. Not many scammers will use their personal e-mail accounts to launch a crime wave."
Multiple sender authentication specifications have been proposed, including Sender ID, a blend of Microsoft's former Caller ID for E-mail and the more popular Sender Policy Framework (SPF) which was submitted to the ITEF last week, and Yahoo's competing DomainKeys.
Of the five percent of "From" addresses which were not forged, APWG dubbed the majority as "social engineering" addresses which are not phony, but simply variations of the actual e-mail domains used by the firms phished.
For instance, one social engineering "From" address used to fool Visa customers into divulging credit card information is support@verify-visa.org, which is not a valid address for Visa. Other misleading addresses APWG has spotted include citicard@citigrop.com and billing@ebay.staff.com.
Citibank remained the number one target of phishers in May, a dubious honor the financial firm has held for the last two months. Other companies with a phishing bull's-eye on their backs include eBay, U.S. Bank, and PayPal. These top four targets accounted for 82 percent of all phishing and e-mail fraud scams for the month
Story here:
http://www.internetweek.com/breakingNews/showArticle.jhtml?articleID=23901052
Phishers Face More Jail Time
By TechWeb News
President Bush on Thursday signed into law a bill that stiffens criminal penalties for identity thieves, including those who purloin information electronically using phishing attacks.
Known as the Identity Theft Penalty Enhancement Act (ITPEA), the new law sets punishment guidelines for anyone who obtains or holds someone else's ID-related information with the intent to commit a crime.
"The bill sends a clear message that a person who violates another's financial privacy will be punished," said Bush before signing the bill. "When a person takes out an insurance policy, or makes an online purchase, or opens a savings account, he or she must have confidence that personal financial information will be protected and treated with care."
The ITPEA's goal is to make sure that identity thieves don't walk away unpunished. It adds an extra two or five years, depending on the severity of the crime, to sentences, with the additional years served without the possibility of parole.
In an online Q & A session Thursday, Deputy Attorney General James Comey noted that those arrested and convicted of phishing -- the practice of tricking users into visiting bogus Web sites, then getting them to reveal confidential financial data like credit card and bank account numbers -- would be among those facing longer prison stays.
"If the phisher uses the information to commit mail fraud, for example, that phisher will get an extra two years in jail because he used stolen identity info," said Comey.
Although online identity theft still makes up a small slice of over ID fraud, the rapid rise of phishing has caught Internet users and companies of all colors unprepared. Worse, the number of phishing attacks continue to rise.
Thursday, for instance, U.K.-based security firm MessageLabs said that phishing e-mails increased 20 percent in during May over April. Since September, 2003, when MessageLabs first began tracking phishing attacks, the scams have jumped nearly 900 fold.
"In just ten months the number of phishing e-mails has increased exponentially -- evidence that the number of individual scams has also risen dramatically," Mark Sunner, MessageLabs' chief technology officer said in a statement. "If allowed to continue unchecked, online phishing scams threaten to undermine confidence in e-commerce as a whole."
Related story:
http://www.internetweek.com/security02/showArticle.jhtml?articleID=22102528
Sender Authentication Seen As Key To End Phishing
By TechWeb News
Putting a stop to phishing attacks will require some sort of e-mail sender authentication scheme, the Anti-Phishing Working Group said Monday as it announced that 95 percent of all fraudulent e-mail scams use spoofed, or forged, "From" addresses.
May's account of phishing -- the group puts out monthly reports -- showed only a six percent increase in the number of unique attacks. The results would have been worse, said the Anti-Phishing Working Group (APWG) if not for the Memorial Day holiday weekend, which saw a significant dip of reported scams.
The average number of phishing attacks per day was also up slightly over April, the APWG reported.
But with an overwhelming majority of phishing attacks relying on spoofed sender addresses, there's little chance of beating these scams until authentication is widely adopted, said Dave Jevans, chairman of the APWG.
"The Achilles heel of phishing is the reliance on forged 'From' addresses to hide the sender's identity," said Jevans in a statement. "Once ISPs start to verify the source of messages, a lot of the bad things in e-mail, including phishing, will be greatly reduced. Not many scammers will use their personal e-mail accounts to launch a crime wave."
Multiple sender authentication specifications have been proposed, including Sender ID, a blend of Microsoft's former Caller ID for E-mail and the more popular Sender Policy Framework (SPF) which was submitted to the ITEF last week, and Yahoo's competing DomainKeys.
Of the five percent of "From" addresses which were not forged, APWG dubbed the majority as "social engineering" addresses which are not phony, but simply variations of the actual e-mail domains used by the firms phished.
For instance, one social engineering "From" address used to fool Visa customers into divulging credit card information is support@verify-visa.org, which is not a valid address for Visa. Other misleading addresses APWG has spotted include citicard@citigrop.com and billing@ebay.staff.com.
Citibank remained the number one target of phishers in May, a dubious honor the financial firm has held for the last two months. Other companies with a phishing bull's-eye on their backs include eBay, U.S. Bank, and PayPal. These top four targets accounted for 82 percent of all phishing and e-mail fraud scams for the month