It Is Time to Put Phishing Scams Out of Business

Robert X. Cringely writes, “We all get them, messages from our bank or mortgage company, from eBay or PayPal, telling us there is a glitch in their system, our account data has been lost, and if we don’t immediately update our customer information, some dire consequences will happen. It is a scam, of course. The message isn’t coming from eBay or PayPal, but from a crook trying to get you to go to their look-alike web site and hand over enough personal information to loot your bank account or impersonate you in fraudulent credit card transactions. There are tens of millions of such messages crossing the Net every day, which says to me that at least a few people are being fooled, that these so-called “phishing” scams are profitable for the people who perpetrate them.

But have you ever read a news story or heard about anybody being sent to jail for this crime, which Gartner says cost U.S. businesses $1.2 billion in 2003?

I haven’t.

In one sense, phishing ought to be the easiest of online crimes to punish because the criminal needs you to visit their house in order for them to rob you. Tracing ownership of the bogus web site used to steal personal data ought to link straight back to the crooks, themselves. Only it generally doesn’t, either because that web site has been hijacked or because it is in some country beyond the reach of law enforcement.”

[Continue reading Phish or Phisher?]