Although junk e-mail, also known as "spam," may seem like a relatively harmless if annoying productivity killer, one form of spam is actually treacherous to corporations, especially those in the financial services industry.Called "phishing" spam or fraud spam, it emerged this year as a major vehicle for identity theft and a primary threat to the trust that online providers have established with online consumers.
"We have so quickly moved into an e-commerce generation," says Paris Trudeau, senior product marketing manager at SurfControl plc, a Scotts Valley, Calif.-based provider of e-mail- and Web filtering software. "We have banking online and services that are based on a lot of trust between consumers and vendors."
Phishing is causing a lot of credibility loss in the industry, she says. "We're seeing that consumers are beginning to be less likely to support e-commerce systems-because they don't know how to distinguish a legitimate e-mail from a fraudulent one.
Specifically, phishing refers to e-mail that pretends to be from a well-known or trusted company. The spammer, posing as a customer service representative or a security professional, directs the e-mail recipient to a phony Web site and requests confidential information, such as Social Security numbers, user names and passwords, and account numbers.
"We have seen phishing attacks grow by 500% between January and May this year as one of the main types of spam attacks," says Trudeau. "And about 70% of phishing attacks originate outside the United States, which makes it difficult to track them down."
Citibank's brand name has been the most hijacked by phishers, according to the Anti-Phishing Working Group, a Redwood City, Calif.-based industry association. Between January through May this year, Citibank experienced 1,035 unique phishing attacks in its name. Online auctioneer eBay is the second-most attacked brand name, and U.S. Bank is third.
