Published: March 2006
Groups unite to battle phishing
Coalition: The Phishing Retreat
Consumer confidence in conducting business and protecting personal data online is threatened every day by phishing scams. In an initiative led by the National Consumers League (NCL), consumer groups (including Consumer Action), law enforcement, financial services and technical industries have joined forces to combat this threat.
On March 16, the Phishing Retreat coalition issued a 'call to action' with the release of a paper outlining key recommendations that form a comprehensive plan for combating phishing more effectively. The new report, the result of a comprehensive three-day brainstorming retreat organized in September 2005 by NCL, a Washington-based consumer advocacy organization, makes multiple recommendations on how to combat phishing.
Phishing is a large and growing problem, in which identity thieves pose as legitimate companies, government agencies, or other trusted entities in order to trick consumers into providing their bank account numbers, Social Security numbers, and other personal information. In 2005, phishing scams ranked 6th in Internet complaints to NCL's Internet Fraud Watch program and the scams continue to dupe consumers. A May 2005 consumer survey by First Data found that 43 percent of respondents had received a phishing contact, and of those, 5 percent (approximately 4.5 million people) provided the requested personal information. Nearly half of the phishing victims, 45 percent, reported that their information was used to make an unauthorized transaction, open an account, or commit another type of identity theft.
Consumer Action's Linda Sherry, who participated in the retreat, said, "This was a welcome opportunity to focus on the thorny problem of phishing and other Internet frauds. I was most impressed by the level of expertise at the retreat—the report reflects that and has some solid recommendations for a multi-faceted approach."
"There is no silver bullet to solve the phishing problem, but there are known responses that need more support and promising new approaches that could help deter it," said Susan Grant, director of NCL's National Fraud Information Center.
The key recommendations in the report are:
- Create systems that are 'secure by design' to make consumers safer online without having to be computer experts;
- Implement better ways to authenticate email users and Web sites to make it easier to tell the difference between legitimate individuals and organizations and phishers posing as them;
- Provide better tools for investigation and enforcement to prevent phishers from taking advantage of technology, physical location, and information-sharing barriers to avoid detection and prosecution;
- Learn from the 'lifecycle of the phisher' and use that knowledge about how these criminals operate to exploit points of vulnerability and stop them;
- Explore the use of 'white lists' to identify Web sites that are spoofing legitimate organizations and use 'black lists' to create a phishing recall system that would prevent phishing messages from reaching consumers;
- Provide greater support for consumer education, using clear, consistent messages and innovative methods to convey them.
Sponsorship for the initiative was provided by the American Express Company, First Data Corporation, and Microsoft Corporation. The recommendations were developed by retreat participants representing financial services firms, Internet service providers, online retailers, computer security firms, software companies, consumer protection agencies, law enforcement agencies, consumer and ID theft victims organizations, academia, and coalitions such as the Anti-Phishing Working Group and the National Cyber Security Alliance.
Peter Swire, C. William O'Neill Professor of Law at the Moritz College of Law of the Ohio State University, and former privacy czar under the Clinton Administration, wrote the report for NCL.
In the next phase of this project, NCL is forming working groups and inviting organizations and experts who are concerned about phishing to examine how the anti-phishing strategies in the report can be adopted on a widespread basis.
Lead Organization
More Information
Download PDF
Groups unite to battle phishing (Phishing_Report.pdf)
Quick Menu
