|
Washington, DC—Consumer
confidence in conducting business and protecting personal data
online is threatened every day by phishing scams. In an
initiative led by the National Consumers League (NCL), law
enforcement, financial services and technical industries have
joined forces to combat this threat. The group today issued a
“call to action” with the
release of a paper outlining key
recommendations that form a comprehensive plan for combating phishing more effectively.
Phishing is a large and
growing problem, in which identity thieves pose as legitimate
companies, government agencies, or other trusted entities in
order to trick consumers into providing their bank account
numbers, Social Security numbers, and other personal
information. In 2005, phishing scams ranked 6th in Internet
complaints to NCL’s Internet Fraud Watch program and the scams
continue to dupe consumers. A May 2005 consumer survey by First
Data found that 43 percent of respondents had received a
phishing contact, and of those, 5 percent (approximately 4.5
million people) provided the requested personal information.
Nearly half of the phishing victims, 45 percent, reported that
their information was used to make an unauthorized transaction,
open an account, or commit another type of identity theft.
NCL’s new report, the result
of a comprehensive three-day brainstorming retreat organized by
the Washington-based consumer advocacy organization last
September, makes multiple recommendations on how to combat it.
“There is no silver bullet to
solve the phishing problem, but there are known responses that
need more support and promising new approaches that could help
deter it,” said Susan Grant, director of NCL’s National Fraud
Information Center. The key recommendations in the report are:
-
Create systems that are
“secure by design” to make consumers safer online without
having to be computer experts;
-
Implement better ways to
authenticate email users and Web sites to make it easier to
tell the difference between legitimate individuals and
organizations and phishers posing as them;
-
Provide better tools for
investigation and enforcement to prevent phishers from
taking advantage of technology, physical location, and
information-sharing barriers to avoid detection and
prosecution;
-
Learn from the “lifecycle
of the phisher” and use that knowledge about how these
criminals operate to exploit points of vulnerability and
stop them;
-
Explore the use of “white
lists” to identify Web sites that are spoofing legitimate
organizations and use “black lists” to create a phishing
recall system that would prevent phishing messages from
reaching consumers;
-
Provide greater support
for consumer education, using clear, consistent messages and
innovative methods to convey them.
Sponsorship for the
initiative was provided by the American Express Company, First
Data Corporation, and Microsoft Corporation. The
recommendations were developed by retreat participants
representing financial services firms, Internet service
providers, online retailers, computer security firms, software
companies, consumer protection agencies, law enforcement
agencies, consumer and ID theft victims organizations, academia,
and coalitions such as the Anti-Phishing Working Group and the
National Cyber Security Alliance. Peter Swire, C. William
O’Neill Professor of Law at the Moritz College of Law of the
Ohio State University, wrote the report for NCL.
In the next phase of this
project, NCL is forming working groups and inviting
organizations and experts who are concerned about phishing to
examine how the anti-phishing strategies in the report can be
adopted on a widespread basis. “We all need to work together in
a systematic approach if we want to have a significant impact on
the tidal wave of phishing that is hitting consumers and hurting
legitimate organizations,” said Grant.
To obtain a copy of “A Call
for Action,” click
here. |
