Phishing a High Stakes Game

More than three dozen people around the world have been charged with stealing personal information from Internet users through a 'phishing' scam. That's where criminals trick people into revealing information by posing as staff from online banks or other organisations, usually sending emails asking customers to confirm details for 'security reasons'.

The arrests come following a Justice Department investigation that wound up in Bucharest, the capital of Romania. Of the 38 people busted, more than half were Romanian, with the rest hailing from the United States, Canada, Portugal and Pakistan.

Prosecutors say part of the scam involved Romanian criminals getting hold of credit card and bank account details, then sending them to American accomplices who used the information to make replica cards which they used to withdraw cash from ATMs. (Source: iht.com)

It's been quite the week for international cybercrime. Last Saturday Spanish police arrested five hackers across the country who allegedly attacked government sites in the US, Asia and South America. The gang, two of whom are just 16, are accused of hacking into 21,000 sites in the past two years.

Meanwhile, a British radio station has reported that computer-based crime rakes in $100 billion a year. The World Service interviewed a Brazilian hacker who uses 'phishing techniques' to get credit card details, then uses them to buy small items such as mobile phones and cameras which he can sell. He says he gets away with it because most card holders don't check their statements carefully. (Source: bbc.co.uk)

Unlike viruses and spyware, there isn't really an effective technological defence against 'phishing'. It plays on human emotion and the law of numbers; even if just one in a thousand people fall for a scam, it can rake in a fortune when criminals send a bogus message to hundreds of thousands of people.

The golden rule is to never reply to an email -- however legitimate it looks -- that asks for any personal information, whether it be user names and passwords or card details. And to be even safer, you should always type a website address into your browser rather than follow a link in an email.