When people withdraw money at the bank, the teller usually asks for some ID to prove they are who they claim to be. It would be quite unusual, though, for a customer to ask a bank employee for ID. The bank infrastructure -- right down to the mahogany paneling and portraits by famous artists on the wall -- assures people they really are at the bank.

Not so online, but that is about to change.

When I log onto a Web page the bank is reasonably sure I am me, said Mark Rasch, senior vice president and chief security counsel of Solutionary Inc., a security software developer based in Bethesda, Md. We, however, need to redesign the whole system. We need to be able to authenticate both parties to each other.

A quarterly report of corporate IT security officers released by International Data Group said so-called phishing, scams utilizing e-mail or pop-up messages to trick the computer user into revealing private information, is set to increase. The survey by IDG's CSO Magazine found 96 percent of 459 corporate IT security officers think these scams will proliferate in 2005.

I was an early adopter of electronic banking, Paul Stich of California told UPI's The Web. But I am very nervous about it now.

Online security technology developer CipherTrust said 15,000 new computer zombies are created every day -- home and business computers that are taken over by hackers and used for other, nefarious activities, a spokeswoman told UPI.

Hackers lure unsuspecting users into clicking on a fraudulent Web link and then commandeer their computers.

This is data mining, said Stich, who is president and chief executive officer of Counterpane Internet Security, a developer based in Mountain View, Calif. These people may already know your Social Security number and other vital information. They're just looking to take the next step with your personal information on your PC.

Large corporations and banks are beginning to fight back against these hackers. They are deploying software that can scan the Internet protocol address of an incoming e-mail and determine if it is from a suspect source or geographic region where a lot of Internet criminal activity originates, like Southeast Asia, said David Helsper, vice president of engineering and product development at Digital Envoy in Norcross, Ga.

The technology was developed in the mid-1990s for advertising purposes -- marketers who wanted to know where their online customers were coming from. Now that same data, that IP intelligence, as Helsper called it, is being used to chase down organized criminals on the Net.

We can tell you interesting things about where an e-mail came from, Helsper told UPI. We can determine the zip code of the sender -- their geography -- and other attributes.

The software scans the headers of the e-mail -- the purported location of the sender -- and also looks at the body of the message.

There are a lot of sophisticated rules and logic to help prevent online fraud and ID theft, Helsper said. Everyone, when they come online, has their own unique identifier.

Helsper said he believes organized criminal syndicates are behind the most treacherous of the online scams.

These guys are not just going after $1 million or $2 million, he said. They are going after the big bucks. Banks are afraid to tell customers about this. They don't want to scare them to death. They have to walk a fine line.

These scams happen to people from all walks of life, not just those new to the Web. The CEO of the training software firm Video Professor had his identity stolen and the thief, who was apprehended, took him for $90,000 in credit card purchases and the like, Brian Olson, director of marketing communications at the company, told The Web.

Scammers often take advantage of news events to con people into revealing information about their finances online.

I was giving a talk here recently at Duke and a person came up to me and said he had been the victim of phishing, Chris Cramer, information technology security officer at Duke University, told The Web. He was a customer of a bank that recently merged with SunTrust Bank. The e-mail referenced the merger and asked him for information by e-mail. He didn't think about it -- until after he hit the submit button.

Ultimately, the individual had to close his banking accounts to protect himself from further losses.

Internet Service Providers like Earthlink are including a version of fraud scanning software in their browsers, checking links that users click on and comparing them with a list of suspect links. The software is available as an add-in for a user's browser.

This is mostly an e-mail issue, Cramer said. They have the same type of e-mail lists that a spammer might have. Blanket e-mail to hundreds of thousands of people -- many of whom have not used the product. The e-mail will look very official. They create sites that look identical to the bank's sites, except they use an IP address.

Research by the Anti-Phishing Working Group -- an industry consortium -- indicated phishing attacks increased by 29 percent last month, compared to the prior month. Rasch said about 3 percent of phishing attacks ultimately succeed.

That's remarkable when you consider that only 1 percent of direct mail succeeds, he said. What is needed to stop this is stronger authentication -- and more awareness of the issue.

--

The Web is a weekly series by United Press International that covers the technological, economic, and cultural implications of the phenomenon known as the World Wide Web. Contact Gene J. Koprowski at [email protected]

Related Links
SpaceDaily
Search SpaceDaily
Subscribe To SpaceDaily Express

Memory Foam Mattress Review

SPACE MEDIA NETWORK PROMOTIONS Solar Energy Solutions Tempur-Pedic Mattress Comparison ... Newsletters :: SpaceDaily :: SpaceWar :: TerraDaily :: Energy Daily XML Feeds :: Space News :: Earth News :: War News :: Solar Energy News