Editor’s Note: Phishing

The lure of "phishing" is costing both the consumer and legitimate online companies.

Greetings, Graziadio Business Review reader, and welcome to this issue. You will find it is full of practical, relevant, and informative articles that will help you in conducting business, in your managerial roles, and in your pursuit of knowledge. A description of this edition’s articles can be found on the Table of Contents. We would enjoy hearing from you about whether you have found these articles helpful as well as about what your business concerns are, the business topics that interest you, and the kinds of practical and relevant information you would like to read about. But now to the point of this Editor’s Note—”phishing.”

Photo: Daniel V.

As the editor of an online journal, my easily accessible email address is the target of every sales, promo, porno, and solicitation that a scammer can think up. Most of these are captured in a scammer program and quickly deleted. More deceptive, and a concern to all of us doing business online, is the phenomenom of phishing. I was so convinced recently that a major bank needed information from me that I had to think through all of my financial transactions before realizing I was not their customer.

It has been estimated that last year phishing cost the financial services industry $1.2 billion, with banks and credit card issuers being the most heavily hit. Phishing[1] is an email scam designed to get the consumer to give up private information such as bank account numbers, credit card numbers, Social Security numbers, or any other information that will help scammers to steal the email recipient’s identity. Anyone with an email address has most likely been phished.

The ease of using the Internet makes it easy to create legitimate-looking email requests for information. Scams have progressed from the days when a fraudulent plea came in a poorly written email from the Sierra Leone Ministry of Banking Affairs asking for your help in clearing the funds from a bank account sitting idle that belonged to a family killed in an automobile accident without any heirs. With the ease of downloading images, copying the transaction wording of a reputable company, formatting a page to duplicate an authentic business website, then setting up a system to capture all that private, confidential information, it is increasingly difficult for anyone to distinguish the real thing from the fakes.

The problem is growing at an alarming rate. The Anti-Phishing Work Group[2] reports a 28% increase in phishing from July to November 2004.[3] A simple Google search on “phishing” came back with 2.5 million links. One of the articles was an FTC Consumer Alert from the Federal Trade Commission titled “How Not to Get Hooked by a ‘Phishing’ Scam.”[4] A new tool to combat phishing is the Internet Explorer plug-in from Netcraft,[5] which it is hoped will help people avoid becoming victims of online fraud. The Anti-Phishing Work Group website includes lists of the most recent online scams, the names of companies fraudulently used, and information about protecting businesses and consumers. Fortunately, we have people working on solutions; unfortunately, by the time this scam has been curtailed, a new one will have evolved.

The ease of doing business online for both customers and companies is at risk as the fear of becoming a victim grows.[6] Legitimate email requests are now either ignored or deleted because the consumer is afraid to trust the source. An article in CIO.com offers a few suggestions to businesses for combating phishing,[7] including educating your customers about the problem and about how they can tell the difference between your legitimate business and a scam.

Most Internet experts seem to agree that scamming on the Internet is not going away, rather it will take unimagineable creative forms in this new communication medium. It is imperative for companies doing business online to be aware of current fraudulent schemes and to be proactive in combating them with appropriate security measures. Companies must be responsive to the concerns and insecurities of customers by developing additional levels of online security and creating electronic avenues for their customers to verify that these safeguards are in place and that their online transactions are indeed legitimate—not the Sierra Leone Minister of Banking under a new guise.

If you have any phishing stories at your company to share, we would like to hear from you.


[1] http://www.webopedia.com/TERM/p/phishing.html

[2] http://www.antiphishing.org/

[3] http://www.antiphishing.org/APWG%20Phishing%20Activity%20Report%20-%20November%202004.pdf

[4] http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

[5] http://news.com.com/2100-1029_3-5507644.html

[6] http://www.msnbc.msn.com/id/4741306/

[7] http://www.cio.com/archive/090104/phish.html

Author of the article
Nancy Ellen Dodd, MPW, MFA
Nancy Ellen Dodd, MPW, MFA, , serves as academic editor of the "Graziadio Business Review and teaches presentations and stories at the Graziadio School." Her book on creative writing, "The Writer's Compass: From Story Map to Finished Draft in 7 Stages," was published by Writer's Digest Books in June 2011. She also served as editor of Marshall, a USC academic/alumni magazine, and started the Marshall Review, an online journal for the Marshall School of Business at USC. More than 135 of her articles have been published in local and national publications. Dodd received her master's in Professional Writing from USC with a concentration in screenwriting and an MFA in playwriting at the USC School of Theatre. Ms. Dodd also teaches screenwriting as an adjunct faculty in Seaver College at Pepperdine University.
More articles from 2005 Volume 8 Issue 1
Related Articles