Police arrest suspected phishing gang

A large group of suspected internet fraudsters has been arrested following an investigation by the FBI.

Seventeen individuals have been arrested, four in the US and the rest in Poland, after being chased by over 20 different FBI offices.

The group is accused of carrying out a phishing attack against a major financial institution in the three months from August 2004, it is claimed.

The ringleader is a Polish man known by the nickname "Blindroot". He is said to have hacked into PCs in order to allow accomplices to host phishing attacks.

Graham Cluley, a security expert at Sophos, told ZDNet UK that so-called "spear phishing" attacks, which target a single victim, usually a financial corporation, online retailer or auction site, are a growing risk.

"These companies suffer because their brand names are tarnished," Cluley said.

In a phishing attack, fraudulent emails are sent out that claim to be from a reputable source such as a bank. Recipients are encouraged to click on a link, which will lead to a fake version of a legitimate website where their account or contact details can be stolen.

Cluley added that financial organisations should publicise widely how they expect to correspond with their customers, to help eliminate confusion. He also suggested that companies concerned about phishing could sign up to a phishing alert service, which advises them as soon as their company becomes targeted.