FDIC Identity Theft Symposium
Fighting Back Against Phishing and Account-Hijacking

February 11, 2005
Washington, DC
Remarks by Susan Grant, Director
National Fraud Information Center/Internet Fraud Watch
National Consumers League

Consumer Education Efforts: Taking the Bait Out of the Phishers’ Hands

Thank you for inviting me to participate in this panel on consumer education. The National Consumers League (NCL) was founded in1899 to promote social and economic justice for consumers and workers. Public education has always been one of one of the tools that we use to fulfill our mission.

Among other programs, NCL operates the National Fraud Information Center/Internet Fraud Watch program, a hotline and web site that provides advice to consumers about telemarketing and Internet fraud and enables them to report scams to law enforcement agencies through us. While we don’t generally take complaints about ID theft, we did create a category for phishing in our fraud database in late December 2003. Since then, phishing has become one of the most common scams we hear about.

In 2004, phishing ranked as the #4 Internet fraud and the #10 telemarketing fraud reported to us. It is interesting to note that in the vast majority of complaints we receive from consumers who actually provided their personal information, they have not yet experienced any losses or other problems. So what has promoted them to report to us?

Sometimes they realize that something is wrong when they mention the incident to a friend or relative, who informs them that they might have been scammed. But often it’s because they have had their own misgivings. One man told me that he woke up in the middle of the night with the terrible thought, what if that wasn’t really PayPal that I just gave my information to?

I think this latent suspicion presents us with a good opportunity for education. Consumers want to know how they can recognize phishing and how to confirm their suspicions that requests for their personal information might be fraudulent.

We offer advice about phishing through our fraud hotline and on our www.fraud.org Web site. Last August, we launched a major public education campaign with a grant from the Star ATM and Debit Network. As part of that campaign, we created a special Web site with information about phishing, www.phishinginfo.org. We used radio, television, and print advertisements to inform the public and drive them to the site. We also produced a brochure about phishing, which is available in PDF and hard-copy format. We have the brochures here today.

But that is only a start. We need to update our materials to tell consumers about pharming and other new trends in phishing. We need to continue and expand our outreach in multiple channels and in multiple languages. We need to work with the businesses, organizations, and agencies that are commonly spoofed to ensure that there is an easy way for consumers to contact them to ask about calls or emails purporting to be from them.

And we need to give easy tools to consumers to enable them to bank online, manage online accounts, and engage in ecommerce with confidence. Cumbersome authentication systems and mechanisms that are too privacy-intrusive, such as biometrics, are not necessary and will  not work because they will not be publicly acceptable.

In addition to educating consumers about the tools that are available to protect themselves, we need to educate businesses, organizations and agencies about how to prevent being spoofed and how to protect the personal information they store. Some methods of obtaining personal information for purposes of account-takeover, such as hacking, are clearly not in the consumer’s power to prevent.

Identity theft in general and phishing in particular are huge problems that will require huge and sustained efforts on all of our parts to combat. Our partnership with Star is one example of how diverse entities can work together on these issues. We are also involved with the Antiphishing Working Group’s Education Committee, which is exploring options for increasing public awareness through a multi-media campaign.

We look forward to working with all of you to help sink the phishing boat.