Quantcast
PCWorld.com is upgrading some back-end systems. Some site features, such as user registration, may be temporarily unavailable.
Subscribe to magazine

Protect Your Identity

Phishers and other online thieves are targeting your money and personal data--and they're getting sneakier. Here's how to defend yourself, and how to erase the damage if you get scammed.

Bob Tedeschi

  • 0 Yes
  • 0 No

Easy Money

Identity theft in general, and phishing in particular, can be lucrative, but such theft has grown so much recently for a simple reason: It's easy to pull off.

Jevans says thieves sell and swap phishing kits "with everything--fake sites, e-mails, responder software that'll sit on the server and send data to you. All you need to do is set up a server or get some zombies and stick it on them." (A zombie is a PC used without the owner's knowledge to host malicious online activities.)

In some cases, Jevans says, the kits are simply "given away, just out of the badness of [these scammers'] hearts."

The rest is easy. Phishers simply send out mass e-mail to hundreds of thousands, or millions, of recipients and wait for a few unsuspecting people to respond.

Thieves face little risk. Many phishers set up shop in foreign countries, where it's harder for U.S. officers to nab them. Jevans estimates about 75 percent of phishing sites the group tracks are outside the country. And U.S.-based phishers often evade detection by using zombie PCs, or by constantly swapping server addresses.

New laws have helped a bit, experts say. Many state and federal statutes already cover identity theft with penalties of up to 15 years in jail; but in July, President George W. Bush signed legislation that further stiffened sentencing guidelines. Meanwhile, Senator Patrick Leahy (D-Vermont) has proposed a law under which phishers could get up to five years for setting up a spoof site and sending fraudulent e-mail, thereby showing intent to commit a crime. (Currently phishers must net a victim in order to violate laws.)

Because roughly 20 percent of phishers are foolish enough to publicly register domains for their spoof sites, experts say such laws could have bite. And the U.S. Department of Justice has made some progress in fighting identity theft.

However, law enforcement officials say users can't rely on such deterrence measures to protect them, simply because too many criminals are using ever-morphing methods for authorities to keep up.

  • Recommend this story?
  • 0 Yes
    0 No

Featured APC Accessories

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

Focus on Personal Productivitysponsored by Microsoft

  • Personal Finance 2.0 These free and fee-based Web services not only aggregate data from your online bank accounts, they give you tools for managing your money.
  • High-Tech Travel Tips Plenty of stories provide advice for elite mobile professionals. But what about you, the unproductive traveler?

People who read this also read:

Sponsored Links