Think you can spot a phony? Take our phishing quiz and find out. We'll show you two sites side by side. Select the site you think is a fraud. When you're done, we'll point out the subtle tells of phishy Web pages.
Elizabeth Brokamp isn't cocky, but she felt sure she was sharp enough to spot a scam. After all, she has two graduate degrees and has worked for the Motley Fool, an online investing site. Nonetheless, the Fredericksburg, Va., woman was fooled by an e-mail bearing her bank's logo, asking her to confirm her SunTrust account number and change her password because of suspicious activity in her account. Brokamp clicked a link in the e-mail and filled in the blanks at a very authentic-looking "SunTrust" page.
She smelled trouble days later when she couldn't withdraw money from her ATM and was told she was over the daily limit. "Someone in Italy was having a grand time with my money," she says. The thief drained nearly $3,000 from Brokamp's account.
"I had always assumed that I would be able to spot Internet fraud a mile away," Brokamp writes in an online account. "I did not, I am embarrassed to say, expect the level of sophistication of this generation of cyber thief."
Brokamp was a victim of phishing, an Internet fraud that is surging into e-mail boxes with a vengeance. By sending phony e-mails to thousands of electronic mailboxes, cyber crooks hope to lure you to a fraudulent (or spoofed) Web site where you'll be tricked into divulging personal information, such as your password and account number. The Anti-Phishing Working Group, whose members include banks, Internet service providers and technology vendors, recorded 1,142 phishing sites last October, and says that spoofed sites are multiplying at a rate of 25% per month. The group estimates that up to 5% of recipients respond to phishing e-mails, leaving them vulnerable to credit-card fraud and identity theft.
The crooks angling for your personal data aren't just teenagers and college kids trying to out-hack one another to buy home-theater equipment. Increasingly, organized-crime groups outside the U.S. -- some of which fund terrorist activities -- are behind the suspicious messages in your mailbox. And their e-mails can harbor malicious viruses that lurk in your PC and secretly harvest account numbers, passwords and other data without your knowledge.
Perhaps it was inevitable that identity thieves would trade Dumpster diving for keyboard tapping. But the explosive growth in phishing and the increased sophistication of the schemes are alarming at a time when the appetite for online commerce seems insatiable. "The criminals are getting very smart," says Larry Ponemon, chairman of the Ponemon Institute, an information-management think tank in Tucson, Ariz. "They're making it hard to determine who is real and who is fake in the online universe."
MAGAZINE
