consumers love internet shopping, but one of their top fears is having their identity ripped off. Turns out they're right to be afraid. Identity theft costs U.S. businesses and consumers $50 billion to $60 billion a year, according to the Federal Trade Commission.
One of the most insidious forms of ID theft is "phishing." An alternate spelling of fishing, as in fishing for victims, phishing is a type of Internet fraud that uses deceptive e-mails and fraudulent Web sites to fool recipients into divulging their personal financial data such as credit-card numbers, account user names and passwords and Social Security numbers.
Sen. Patrick Leahy, D-Vt., introduced the first anti-phishing bill last month. But just as there is no way to cork spam entirely, even if a federal law eventually passes, phishing will still go on, e-mail professionals admit. Some technological band-aids are available that help keep phishers at bay, but none to quelch them. That leaves the responsibility for protecting consumers in the hands of marketers, who need to get out preventive tips to consumers.
According to the Anti-Phishing Working Group, phishers are able to persuade up to 5% of recipients to respond to them. A typical attack would send out an e-mail to a consumer from that consumer's bank, saying that it is updating its databank and wants to verify the consumer's password. When consumers click through, they see a site that is nearly identical to their bank's site. So, they key in their password, and in a matter of minutes, have given up information that a criminal can use to rip them off.
IT LOOKS REAL
How can consumers be fooled? These fraudsters are far more clever than your average Viagra salesman, experts said. The sites they build and e-mails they send are so authentic-looking that even sophisticated consumers can be duped. "Phishing attacks are tricks," said Al DiGuido, CEO of e-mail-marketing company Bigfoot Interactive. "It only takes a lapse in judgment for a second for you to provide your Social Security number or name."
Some 64 brands had been hijacked by an estimated 2,500 active phishing sites in January 2005, according to the Anti-Phishing Working Group, comprised of ISPs, financial services companies and other marketers. Marketers spent $2.7 billion on e-mail marketing in 2004, according to online marketing firm Jupiter Research.
"It's a much more nightmarish problem than spam," said Ben Isaacson, privacy and compliance leader at database-marketing company Experian. "We, as an industry, have been working so hard to create true confidence in Web and e-mail communications. Phishing threatens all that. It's moved well beyond the annoyance factor that spam represents."
Consumers aren't the only victims. "Because phishers leverage marketing materials and brand relationships customers have with corporations, they are ripping off a brand's equity," said Quinn Jalli, director of privacy and ISP relations, Digital Impact.
Internet service providers such as Earthlink are among the most phished sites. In February, the Atlanta company launched a campaign to inform consumers that "there's somebody home at Earthlink looking after them," said Rob Strasberg, VP-creative director, Crispin Porter & Bogusky, which is handling Earthlink's campaign.
Earthlink, like other ISPs, wants to get out the message that consumers need to be aware of attempts to get at their personal information. "Anything we can do to encourage vigilance to the consumer is a good thing," said Les Seagraves, chief privacy officer and assistant general counsel at Earthlink.
Earthlink offers downloadable tools for free to any consumer who wants them-not just Earthlink subscribers. The "scam-blocker" campaign notifies a consumer with a red light when a Web site the consumer is browsing is on Earthlink's phishing blacklist. The tool shows a green light when the site is on Earthlink's white list.
The marketing campaign features actual Earthlink employees who work in the fraud-protection area. In the ads they compete against each other to be chosen as the best workers. One ad features brothers Jay and Scott competing. The winner gets his own parking space. Viewers go to earthlink.net to choose the winner or call a toll-free number.
About 40,000 consumers responded each week for the first four weeks of the campaign, according to Mr. Strasberg. The winner, Jay, was announced in print ads in USA Today and on the Web.
"Once you get to know somebody by name, you feel safer," Mr. Strasberg said. "It's not a cold, scary place. There's actually someone with a name working for you."