• by March 16, 2004

As Kate Kaye reports in today's MediaDailyNews, phishing attacks are on the rise.

Phishing, or Internet fraud designed to lure personal information from unsuspecting consumers, comes on like spam. It is a form of spam. Sent in bulk, phish mail asks consumers to update personal data like credit card numbers and the like. Coupled with spam, phishing socks a double-whammy and presents yet another problem for legitimate marketers and publishers trying to grow their businesses on the Web.

Serendipitously, as I wrote this column today, I segued back to my email in-box and discovered what I believe is a phish message or, at the very least, a piece of spam. The subject header read as follows: "I was on your web site today." The sender's name was unfamiliar, though that occurs a lot. We, at MediaPost, receive many queries and communications from folks we don't know.

But the message looked like a legit piece of email that I didn't want to miss. So I clicked to open it and found the following message: "I was on your web site today. I noticed you do not have any links to mortgage companies. With interest rates at a 45-year low, more people are applying for mortgages than ever before." The text continued, urging me to sign up at the National Mortgage Network website where I would be paid $20 in exchange for applying for a loan.

People who engage in phishing attacks often use company logos, web sites, links, and URLs. In the case of URL addresses, they hide the real web address and substitute a fake one that matches a legitimate address. While spam email tries to get consumers to buy stuff, phish-mongers are literally fishing for personal data and asking folks to update important account information.

What can be done about phishing attacks? The U.S. Federal Trade Commission suggests avoiding sending personal and financial data by email. But just how realistic is that? It also warns that consumers shouldn't respond to email requesting reconfirmation of billing information, and reviewing credit card and bank account statements as soon as they are received.

While these measures address the problem on an individualized basis, it's clear that the problem, like spam, requires a combination of tech/software and regulatory/industry solutions. Of course it remains to be seen whether the Can-Spam Act will cut down on spam or not. Spam and phishing are now so pervasive, I'm not sure that any one solution will cut it.