Watch out! They're phishing for you

New Delhi: There are as many varieties of identity theft today as there are varieties of, say, mushrooms. And there are nearly as many misconceptions — about the scope of the problem, the incentives to stop it and how its costs are borne.

A recent study by Javelin Strategy and Research claimed that 8.4 million US adults suffered some form of identity fraud in 2006, reports The New York Times.

In Stealing Your Life author Frank Abagnale calls identity theft an “elementary” crime that carries a “minuscule” chance of being caught.

Even in the US, the sharp-eyed police department does not pay much heed to minor everyday cases of identity theft. The FBI, meanwhile, usually won’t get involved unless the fraud reaches $100,000, says the The New York Times.

In more than half of the cases the thief is not a stranger at all but rather a relative, friend or co-worker, says the news daily.

The banks and credit-card companies are desperate to stop the problem. Peisner, a 44-year-old veteran of the credit-card business gives a detailed view on The New York Times how online shopping via forged credit card details hit his funds.

“Let’s say one of these hackers takes the information they find in a chat room,” he says.

“He goes to the Sony Web site, buys a laptop computer for $1,000, and a month later the actual cardholder gets the billing statement. He calls up his bank and says, ‘I didn’t order a computer from Sony.’ At that point, the credit-card issuer, let’s say Citibank, sends a ‘chargeback’ through the interchange system to the acquiring bank, and that $1,000 is taken right out of Sony’s bank account, and they also get hit with a $25 chargeback fee.”

So the merchant has lost the money from the sale (as well as the laptop) while paying the chargeback fee, other bank fees and processing and shipping costs. “If you’re a merchant,” Peisner says, “you have all the liability.”

In a recent academic paper called Why Phishing Works, three computer scientists (one from Harvard and two from Berkeley) ran a study and found that “the best phishing site was able to fool more than 90 percent of participants.”

Fortunately, most phishing sites are not designed by top-tier computer scientists with good English skills.

One day an internet user discovered a fake Bank of America Web site that asked for a customer’s account number, online ID, PIN, Social Security number and address.

Only at the end of the form was the site’s illegitimacy and the creator’s foreign origin revealed, when it asked for information that should have baffled any American customer: “Father Maiden Name.”

With excerpts from The New York Times