Posted by admin on May 06, 2010


Phishing Scams Abound

Well, it was inevitable. 

In addition to popular bank phishing scams, cybercriminals are now targeting naïve consumers by claiming to be government officials.  Scammers are sending emails that appear to be from the FTC, IRS, or DOJ.

The FTC reports that corporate and banking executives, as well as other consumers have been targeted.  Fake email purporting to be from the government agency, is sent with embedded spyware which then transmits personal information to the thieves.

Most of the IRS phishing emails sent to individuals inform recipients they are either under investigation or have an unclaimed tax refund.  The IRS has gotten over 23,000 complaints about phishing scams in the last 18 months.

That’s just the tip of the iceberg because the vast majority of scams are never reported.  According to the Treasury Inspector General for Tax Administration, the scams have been "unprecedented both in terms of sophistication and the volume of reports we have received,"

Phishing More Sophisticated than Ever

The GAO, Congress's investigative arm, estimates that $1 billion dollars a year is drained out of the US economy by phishers.  Amazingly, despite all the attempts to educate consumers about the dangers of phishing, close to 10% of online households still submit personal information in response to phishing emails.

The phishers are no longer just casual hackers looking for an easy buck.  There is a vast underground criminal network running the scams.  Multilayered organizations make tracking and capturing the criminals difficult.

For example, some parts of the organizations specialize in sending the phishing emails.  Other parts sell the stolen identities.  Finally, top level criminal bosses steal and launder the money obtained from innocent victims’ accounts.

How Ecommerce Merchants Guard Against Phishing

Online, both standard and high risk merchants are increasing being targeted by cybercriminals.  Protection against fraud is more important than ever.

You can help safeguard your business against phishing attacks by using a secure payment processing gateway. Enable all the fraud fighting tools in the gateway. You get extensive protection, at a very low cost.

In addition, remember that internal security is vitally important.  Limit access to your payment processing system.  Watch your audit trails.  Change passwords on a regular basis.  And keep a close track of every employee and vendor that has access to your system.


Although fraud can never be completely prevented, it can be controlled.  Enable the fraud-fighting tools in your payment gateway. And keep internal security tight.

How are you protecting your business against fraud?