The New York Times The New York Times Technology Create customized news alerts

NYTimes: Home - Site Index - Archive - Help

Welcome, vsauter2 - Member Center - Log Out
Site Search:  

Email This Article E-Mail This Article
Printer Friendly Format Printer-Friendly Format
Most E-mailed Articles Most E-Mailed Articles
Reprints & Permissions Reprints & Permissions


A Powerful Bait
Graphic: A Powerful Bait



Computers and the Internet

Frauds and Swindling

Trademarks and Trade Names


NYT Store
Circuits: How Electronic Things Work
Circuits: How Electronic Things Work
Price: $29.95. Learn More.

Do you have a minute?   See what A.O. Scott has to say about Kim Basinger’s new movie “Cellular.”

Watch the Movie Minute now.
Find showtimes in your area.

Users Find Too Many Phish in the Internet Sea


Published: September 20, 2004

You can be whatever you want to be on the Internet - even if you want to be Citibank.

A recent flood of fake Citibank e-mail messages demonstrates the growing arsenal of technical and psychological tricks that online tricksters, called phishers, are using to get people to divulge personal information.


Hackers first coined the term phishing in the mid-1990's to refer to the art of stealing America Online accounts. But e-mail messages collected by the Anti-Phishing Working Group, an industry association, show that phishers are now going where the money is. In the group's June report, the most recent available, it said it had seen 492 different mass-mailings intended to fool Citibank customers. That compared with 285 aimed at eBay users.

The messages, and the fake Web sites they direct recipients to, are loaded with tricks that in some cases circumvent the tips once given to consumers about how to avoid online fraud. For example, one trick masks the address bar in the Web browser to conceal the true address of the site. And in the last year or so, senders have learned a new technique: proper spelling and grammar.

"It's survival of the fittest," said Jon Oliver, chief messaging security officer at MailFrontier, a maker of spam- and fraud-fighting software. One fake Citibank message managed to impress a specialist in online marketing. "From a marketer's point of view - and I'm pretty brand-conscious - it struck me as being realistic," said Lawrence Hefler, vice president of e-business and strategic alliances at Hilton Grand Vacations and the chairman of the Direct Marketing Association's Internet committee.

"The hot buttons are there," he added. "Clearly people are very conscious of privacy, but because of that consciousness they're aware of the identity theft issue, and that's the first thing they talk about in the e-mail."

A Citibank spokesman listed a number of steps the bank is taking to fight the scams, including educating customers, but he declined to discuss how much damage they had done.

Big Internet companies are trying to plug some of the larger security holes exploited by phishers and spammers - for example, the ease with which the return address on a message can be faked. Microsoft has been trying to win support for a Sender ID system that could spot messages sent from machines that were not authorized to use a domain name like in return addresses.

But last Thursday, America Online rejected Microsoft's approach, in part because groups supporting open-source software had objected to using Microsoft-owned technology. AOL said it would adopt a different system.

Such approaches would not stop fraudsters from using fake domain names like It may be some time before businesses like Citibank are able to stop the theft of their own identities.

Special Offer: Home Delivery of The Times from $2.90/week.

.TECHNOLOGY; U.S. Tally in Online-Crime Sweep: 150 Charged  (August 27, 2004)  $
.Glaxo Agrees to Post Results Of Drug Trials on Web Site  (August 27, 2004)  $
.TECHNOLOGY; Junk E-Mail And Fraud Are Focus Of Crackdown  (August 25, 2004)  $
.THREATS AND RESPONSES: DOMESTIC SECURITY; Some Steps Put in Place To Aid Border Security  (July 26, 2004)  $
Find more results for Computers and the Internet and Frauds and Swindling

. Digital Domain: The New Silicon Valley: A Dog-Eat-Dog World
. Fear and Laptops on the Campaign Trail
. Download, Peel and Stick, and All the World's a Gallery
. Why We Fear the Digital Ballot
Go to Technology

IBM Middleware for integration. That's On Demand Business.

AT&T CallVantage Cable/DSL home calling

Free Avaya IP Telephony white paper