|
A 2005 report on identity fraud released by the Better Business Bureau and Javelin Strategy & Research challenges the assumption that identity theft is largely an online phenomenon. In cases where the victim knows the identity of the perpetrator and the method used to commit the theft, the majority stemmed from offline criminal activity.
In addition, the study claims, research supports the position that instances of identity fraud actually are declining.
Other research, from the Anti-Phishing Working Group, (APWG) posits that phishing attacks—where fraudulent spam is used to lead recipients to phony Web sites with the goal of eliciting personal financial information for criminal gain—are on the rise. According to APWG, the number of reported phishing attacks it tracked in the second half of 2004 showed an average monthly growth rate of 38 percent (2,625 unique reports in July versus 9,019 in December 2004). Overall, says APWG, it has tracked 55 brands that have been "hijacked" by phishers, with financial service firms taking the brunt of the brand damage.
While banks like Citibank and Chase may be the favored target for phishers, all companies with e-commerce operations are damaged by this affront to consumer security. Larry Ponemon, Ph.D., chairman and founder of the Ponemon Institute, an independent research and consulting group in Tucson, Ariz., advises marketers to take steps to educate their customers on how to avoid becoming the victim of a phishing scam.
Consider sharing with your customers the following tips from Ponemon and the Federal Trade Commission:
1. Personalize your e-mails to customers. By and large, phishers don't use personalization because they don't tend to have any details on whom they're sending spam.
2. Don't click on the links offered in the e-mail text, which can be redirected to a different URL. Instead, type the URL directly into your Web browser.
3. Check for a phone number and mailing address, required by the Can Spam Act. Call the provided phone number to see if it connects you to a real company. Also, verify the sending company's contact information via an online White Pages directory.
4. Be suspicious of any URL that doesn't end in .com.
5. Determine the owner of the Web site promoted in the e-mail by conducting a "Whois" search at a site like www.networksolutions.com.
6. Check for a secure transaction Web page by ensuring "https" rather than "http" starts the URL; also, a "lock" symbol should appear in the bottom corner of the Web page.
Companies Mentioned:
 |
|
