Content

NCL leads calls for anti-phishing action

An initiative led by the National Consumers League (NCL) has brought together law enforcement organizations, financial services and technical industries to combat the growing threat of phishing.

Sponsorship for the initiative was provided by the American Express, First Data, and Microsoft.

The group has issued a "call to action" with the release of a paper outlining key recommendations that aim to form a comprehensive plan for combating phishing more effectively.

NCL reported that a May 2005 consumer survey by First Data found that 43 percent of respondents had received a phishing contact, and of those, 5 percent (approximately 4.5 million people) provided the requested personal information. Nearly half of the phishing victims, 45 percent, reported that their information was used to make an unauthorized transaction, open an account, or commit another type of identity theft.

The organization further noted that, in 2005, phishing scams ranked sixth in internet complaints to NCL's Internet Fraud Watch program and the scams continue to dupe consumers.

"There is no silver bullet to solve the phishing problem, but there are known responses that need more support and promising new approaches that could help deter it," said Susan Grant, director of NCL's National Fraud Information Center.

The key recommendations in the NCL report are:

  • Create systems that are "secure by design" to make consumers safer online without having to be computer experts.
  • Implement better ways to authenticate email users and web sites to make it easier to tell the difference between legitimate individuals and organizations and phishers posing as them.
  • Provide better tools for investigation and enforcement to prevent phishers from taking advantage of technology, physical location, and information-sharing barriers to avoid detection and prosecution.
  • Learn from the "lifecycle of the phisher" and use that knowledge about how these criminals operate to exploit points of vulnerability and stop them.
  • Explore the use of "white lists" to identify web sites that are spoofing legitimate organizations and use "black lists" to create a phishing recall system that would prevent phishing messages from reaching consumers.
  • Provide greater support for consumer education, using clear, consistent messages and innovative methods to convey them.

    Peter Swire, law professor at Ohio State University, wrote the report for NCL. In the next phase of this project, NCL is forming working groups and inviting organizations and experts who are concerned about phishing to examine how the anti-phishing strategies in the report can be adopted on a widespread basis.

    "We all need to work together in a systematic approach if we want to have a significant impact on the tidal wave of phishing that is hitting consumers and hurting legitimate organizations," said Grant.

  • Get daily email updates

    SC Media's daily must-read of the most current and pressing daily news

    By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.