Watch CBS News
CBS Evening News

Phishing For Your Identity

By Ellen Crean

/ CBS

Add CBS News on Google

Lori Savage isn't a novice when it comes doing business online, including shopping and banking. The executive assistant had followed all the Internet security rules, and thought her transactions were safe, until she tried to buy something with her bank card.

"They told me it was declined, and I was quite shocked about that," she says. Savage went straight to her bank and discovered $3,000 was gone.

She recalls, "He pulled up my account on the screen, and he said, "'I hate to tell you, but you're the next victim of identity theft.'"

This advanced form of identity theft is called phishing, reports CBS News Correspondent Randall Pinkston, where cybercriminals lure you into letting them into your computer to "fish" for sensitive information. And the phishers have caught plenty as they cast a ever wider net: In the last year, attacks are up 4,000 percent, costing consumers up to $1.5 billion.

Read more from Randall Pinkston's report on "phishing" – and how to steer clear of this dangerous Internet crime.

You've probably seen the most common phishing attack: an email like this that usually urges you to "reconfirm your account information." Don't click on that link. It will take you to a bogus Internet site that looks like the real thing. Once you type in your password, you have opened your account to the cyber thief, many believed to be connected to organized crime.

"They are so sophisticated, that even computer security experts sometimes have a hard time telling the real ones from the fake ones," says David Jevans of the Anti-Phishing Working Group.

But Lori Savage always deletes those pesky emails.

So, how did they do it?

Internet security expert Mike Weider thinks Savage may have been hooked by a new kind of phishing called keyboard spyware. That's sneaky software hidden inside emails or programs that you download from the web. The spyware then watches every keystroke you make.

Weider, who sells computer security software to corporations, says keystroke loggers are extremely dangerous. They can track you as you type in your passwords. The software "actually (logs) your keystrokes, and now your information is in the hands of some hacker," he says. "That's even more dangerous because you don't even have to respond to an email anymore. It's just happening in the background and watching what you do."

Banks and retailers are working to limit phishing, but quietly, in order not to scare away customers like Savage, who now says, "I'm being really careful."

But every fox brings a new lure and another chance of being the phishers' next big catch.

© 2004 CBS. All rights reserved.

View CBS News In
CBS News App Open
Chrome Safari Continue