Netting Phishers at the Grassroots Level
Not all good deeds go unnoticed.
We are taking notice of a few Americans being good cybercitizens. They are trying to put a dent in fraudulent e-mail scams, called phishing, that attempt to steal your personal data.
Yes, there are working groups like Anti-Phishing.org trying to net the problem, but they are more geared toward business. Some are doing it at the grassroots level.
Steven Peisner spends a few hours a day calling victims of these scams and reading out their stolen information, like credit card account details and Social Security numbers. He pours through cybercrooks' forums looking for the names of victims whose personal information is for sale online. As phishing continues to escalate, warning victims over the phone is the safest way.
"We need to take control of the situation," Peisner tells USA Today. "The police have their hands full with these types of cases. It's up to consumers like me to take action."
Peisner does not profit from his advice to consumers but does sell his company's services to businesses via his website, SellitSafe.com.
Over the past four years, former insurance claims supervisor Betty Ostergren has found 18,000 Social Security numbers posted on public government websites.
Another woman in the United States, Janice Forster, started up her own website called FindMyId.com which educates consumers about online ID theft. She has mailed hundreds of letters to phishing victims alerting them to their personal information online.
A University of Washington graduate also launched a website in the hopes of catching some phish. David Ulevitch's Phishtank.com is a self-described anti-phishing community where anyone can submit examples, track them and share information about them.
Ulevitch says his site is a form of community policing. "We've had people compare it to a neighborhood watch, something like that," he tells the St.Louis Post-Dispatch.
Security vendor Symantec detected more than 150,000 unique phishing messages in the first half of 2006. That was an 81% increase from the second half of 2005.
Attacks are becoming much more sophisticated as well. It is often the customers of AOL, eBay, PayPal and other high-profile companies that are targeted. Messages that used to address customers as "Dear valued (company name) member" now feature personalized name and address information. Law enforcement officials say one scam tricks customers with bogus phone numbers that require the victim to call a number to verify data; however the number is actually recording data with the intent to steal it. Often times, the stolen information winds up on cybercrime forums.
Computer users will keep on falling for phishing scams hook, line and sinker, but thanks to the good intentions of a few cybercitizens some of the victims may be off the hook before they are reeled in.