The number of "phishing" e-mails circulating on the Web has increased from
279 to 215,643 over the past six months, according to e-mail security company

Phishing is an Internet scam in which
unsuspecting users receive official-looking e-mails that attempt to fool them
into disclosing online passwords, user names and other personal information.
Victims are usually persuaded to click on a link that directs them to a doctored
version of an organization's Web site.

which monitors corporate e-mail traffic, said Monday that in September 2003 the
company encountered just 279 phishing e-mails. In January 2004, this figure
reached 337,050 and then dropped back to 215,643 by March. The company said it
is impossible to estimate exactly how many people have been fooled by the

The Anti-Phishing Working Group (APWG), which was formed in November 2003 to
provide a forum for financial institutions to share information about new
phishing campaigns, recently warned its members about an attack that can modify
the victim's browser by replacing the address bar with a Java applet. This
allows the attacker to take the victim to any Web site but display the address
of an official Web site in the browser's window, increasing the chances of

According to the APWG's
Web site, the new attack targeted Citibank customers at the end of March.

"This sophisticated new attack automatically detects the consumer's browser and
bar with an appropriately designed working fake. You can even type in the bank's
Web address directly into the fake address bar--this is a live piece of

Munir Kotadia of ZDNet
UK reported from London.