It sounded serious and looked legit. Megan Rosati, a 22-year-old recent college grad, received an E-mail, addressed to her - from what appeared to be her bank, Citibank. The message was urgent, telling her to "confirm security information."
So, she followed the instructions and clicked on the linked Web site. She promptly filled in the blanks, including her name, password, and account number.
By the next day, Rosati knew she had made a grave mistake. "Over $1,600 was missing from my bank account." The money was withdrawn from ATMs located as far away as Greenwich, England.
Like millions of Americans, Rosati was the target of a phishing scam - a cyber fraud aimed at getting you to fork over your credit card information, Social Security number or other personal data. The goal: to clean out your bank account or set up new accounts using your identification.
Fortunately, when Rosati notified CitiBank, she was able to convince officials that she had been robbed and the bank gave her $1,600. But many are not that lucky, and the money is not returned.
Brazen cyber thieves have been around for years. But now the phishers have gone from savvy kid hackers to sophisticated criminals. And they are stepping up their fleecing efforts with more aggressive, more targeted and more technologically advanced Internet scams.
Newer bogus E-mails are sometimes personalized. They come after you with urgent messages - ironically telling you must do something quickly to avoid a security breach. And they are mimicking legitimate sites down to the logo and the language.
The number of people falling prey to phishers is growing as rapidly as the annoying spam piling up in your inbox.
Last year Internet bad guys cost American Web surfers nearly $1 billion, according to a recent survey by Gartner Group. The same study found that as many as 73 million adults were hit by 50 phishing E-mails last year, up 28 percent from the year before.
"It's skyrocketing," said Andrew Weinstein, a spokesman for America Online. "It's the most potentially destructive danger on the Internet."
Traditionally, phishers have targeted the customers of major institutions, like big banks, or shopping sites like eBay, or PayPal, the giant online payment facilitator.
But in another new twist, called "puddle phishing" they are now going after the customers of smaller regional banks and credit unions. Because the crooks are targeting a smaller group, their pitches can seem more credible, making the targets even more vulnerable.
"This started in late 2004 and gained momentum in 2005," said Bill Rosenkrantz, group consumer product manager, Symantec, a security company. "It's worth it to the (phishers) to go after the smaller banks."
Even if you are smart about not revealing your information, you could be in trouble just by clicking on a link in a bogus E-mail. Clever hackers now fill scam Web sites with dangerous viruses that could infect your computer when you visit the site.
"Once the computer is infected the hacker can track every key stroke or steal all of your personal information," Weinstein said.
Getting educated about the perils of phishing is your first line of defense. "A majority of threats can be addressed by employing common sense," Symantec's Rosenkrantz said.
Heed the following tips from the experts and from the Anti-Phishing Working Group:
̢ۢ Be suspicious of any E-mail with urgent requests for personal financial information.
̢ۢ Have an anti-spam solution in place either from your Internet service provider or buy anti-spam software, or both.
̢ۢ Don't use the links in an E-mail to get to any Web page, if you suspect the message might not be authentic. Instead, call the company on the telephone, or log onto the Web site directly by typing in the Web address in your browser.
̢ۢ Always ensure that you're using a secure Web site when submitting credit card or other sensitive information via your Web browser. To make sure you're on a secure Web server, check the beginning of the Web address in your browsers address bar. It should be "https://" rather than just "http://".
̢ۢ Regularly log into your online accounts to ensure that all transactions are legitimate.
̢ۢ If you think you've been scammed, notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their Web site: www.ifccfbi.gov/
