If it smells, it must be phish

If it smells, it must be phish

Summary: COMMENTARY--Addressing a fraud prevention and control conference in 2000, Amanda Vanstone, then Australia's Minister for Justice and Customs, said fraud was the most expensive category of crime in the nation.Citing statistics from the Australian Institute of Criminology, Vanstone said fraud costs the community between AU$3 billion and AU$3.

SHARE:
TOPICS: Malware, Security
1
COMMENTARY--Addressing a fraud prevention and control conference in 2000, Amanda Vanstone, then Australia's Minister for Justice and Customs, said fraud was the most expensive category of crime in the nation.

Citing statistics from the Australian Institute of Criminology, Vanstone said fraud costs the community between AU$3 billion and AU$3.5 billion per year.

Then, the Internet was used as a vehicle to propagate misleading advertisements -- those too-good-to-be-true bargains or get-rich-quick-schemes -- before spam even became fashionable.

"Those who display deceptive advertisements on the Internet will generally only be held liable if the objectionable content forms part of the terms of the agreement. This may then give rise to a right to rescind the contract or sue for damages. In this sense, the use of the Internet raises legal issues which are substantively the same as those that arise out of paper-based advertisements and contracts.

"There are, however, particular evidentiary and forensic difficulties associated with establishing what transpired between the parties to an electronic transaction," Dr Russell Smith, Senior Research Analyst, Australian Institute of Criminology told conference participants.

Smith explained that although Australia's consumer protection laws covered transactions with merchants who did business on the Internet, it was almost impossible to regulate or legislate contracts where a foreign company is involved.

It's now 2004 and we're still in the same predicament -- technology hasn't advanced in leaps and bounds but the criminal mindset has. If online pornography ranks as a major income earner, online identity fraud isn't that far behind. In the world of information technology, "phishing" has become the new bad boy.

The word phishing, according to the Anti-Phishing Group, comes from the analogy that Internet scammers use e-mail lures to "fish" for passwords and financial data from Net users. The term was coined by hackers who were stealing America Online accounts by scamming passwords from unsuspecting users. The first mention on the Internet of phishing was on the alt.2600 hacker newsgroup in January 1996, however the term may have been used even earlier in the printed edition of the hacker newsletter "2600".

Unlike spam, the content of these e-mail scams aren't symptomatic of people suffering from dyslexia. Westpac is a good case in point. On September 21, 2003, the Australian bank's customers were taken on a phishing expedition via an e-mail calling on customers to reactivate their accounts due to a technical upgrade which promised to "help avoid frequent fraud transactions and to keep your deposited funds in safety". Three months later, a similar scam hit the bank again.

Westpac isn't alone in it's quest to combat phishing. Apart from the National Australia Bank and Commonwealth Bank, other financial institutions including Citibank, FirstUSA and NatWest have fallen prey.

The situation is compounded by the fact that law enforcement agencies can't determine if clandestine networks or individuals are behind these scams. What's certain is consumers will continue to fall prey to this poison bait unless and until the financial sector displays some form of accountability by setting aside some serious marketing dollars and embark on an educational campaign nationwide.

Do you think banks and financial institutions in Australia are doing enough to protect consumers? Have your say by e-mailing us at edit@zdnet.com.au.

Topics: Malware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • This sort of thing will continue (1) as long as it is profitable for the scammers; (2) the banks and others who do little or nothing to stop it are not held liable for their inaction. The only reason identity fraud is done is because banks and merchants do little or nothing about the issue, in most cases claiming it's the victim's problem. If banks and merchants had to bear 100% of the liability for accepting a transaction from someone who was committing identity fraud on someone else, you would see them doing something to stop it, and fast. Money is the only thing these organizations understand, as as long as it isn't their money, they don't really care.
    anonymous