WASHINGTON--If your in-box is pelted by a seemingly ever-growing supply of inquisitive e-mails purporting to come from the likes of PayPal and Bank of America, the federal agency charged with consumer protection says it feels your pain.
The deceptive technique--in which crooks dispatch e-mails requesting sensitive personal information, typically by masquerading as financial institutions--"is one practice that absolutely drives me insane," Federal Trade Commission Chairman Deborah Platt Majoras told attendees at the first National Cybersecurity Awareness Summit, which was put on here Monday by a nonprofit partnership of federal government agencies and software vendors.
That's because phishing, more so than some other forms of cyber malice, is a prime example of a tactic that would all but evaporate if more consumers were better informed of what to look out for, she suggested. (After all, it's also an only slightly higher-tech variant of one of the oldest scams in the book--the "ph" comes from the original telephone-based variety of phony information-seeking.)
"I feel like if we could just teach every consumer what this means, never respond to that kind of contact, and train them to hit delete and not reply, we could clear this up," she said.
To that end, the agency is concocting a new video to supply "important information about phishing" and plotting other ways to "revitalize consumer education efforts," Majoras said. Working with the financial sector to spread the word will be critical because the messages so often rely on confusing consumers with the real thing, she added.
Attempting to go after the enterprising e-mailers in court will play some role, too. Majoras said the commission has already targeted phishers with three civil cases and has also worked closely with the Department of Justice to pursue criminal penalties, which the FTC doesn't have authority to levy, in what they hope will supply a further deterrent.
At the moment, the FTC has about two dozen open investigations involving corporate data security practices, she said, adding, "where appropriate, we will again take enforcement actions."
But it's questionable whether such actions will really make a dent. Phishing attempts have by far outnumbered any other sort of malicious activity reported to the U.S. Computer Emergency Readiness Team (US-CERT) since 2003, accounting for nearly 42,000 of some 63,000 total reports, Department of Homeland Security cybersecurity czar Greg Garcia told summit attendees.
Still, there's no reason for panic, said Wayne Abernathy, who represents the American Bankers Association. It's actually quite simple--banks don't do business by asking consumers for basic account information via e-mail, he said. "If customers receive e-mails asking for such information, they should consider them to be fraudulent in nature," he told summit attendees.