Anti-Phishing Group Aims To Restore TrustAnti-Phishing Group Aims To Restore Trust

Companies from a cross-section of industries on Wednesday unveiled the Trusted Electronic Communications Forum to combat phishing, spoofing, and other means of online identity theft. The group aims to promote standards and make recommendations to reduce the incidence of such attacks and restore confidence in E-mail as a trustworthy medium of marketing and communication.

"Phishing is not only eroding E-commerce, it's eroding the brand," says Shawn Eldridge, the group's chairman and director of products and marketing strategy at secure E-mail provider PostX. "The brand is a company's most important asset."

The group's founding members include ABN Amro, AT&T Wireless, Best Buy, Charles Schwab, CipherTrust, DirecTV, E-Trade, Fidelity Investments, GE Access, HSBC, IBM, National City Bank, PostX, Royal Bank of Scotland, and Siebel Systems.

The cost of identity theft, not only in dollars but in the hours it takes to repair, is staggering. According to the FTC, 9.9 million people became identity-theft victims in 2003, with an average loss of $4,800, or $47.6 billion all told. It typically takes 30 hours to resolve issues arising from an identity theft.

Phishing attacks--E-mail messages that solicit personal information using fraudulent means--have risen dramatically in recent months. The Anti-Phishing Working Group reports that phishing attacks rose 200% in April. E-mail security vendor SurfControl notes that brand-spoofing scams have risen nearly 500% since January.

An April 2004 Gartner consumer survey reveals that an estimated 57 million U.S. adults believe that they have received a phishing E-mail. Seventy-six percent of these E-mails arrived in the past six months and nearly all in the past year, at a cost of $1.2 billion to banks and credit-card companies.

The reason that everyone's going phishing, observes Gartner VP and research director Avivah Litan, is because it's so easy. "The crooks have discovered it works," she says. "It's about a 3% click-through rate." She says, however, that some companies, such as eBay, a frequent target of phishing attacks, have been making inroads in the fight against such scams.

Litan says the formation of the TECF represents a step in the right direction because no one company can deal with the problem alone.

Likewise, no single counter-measure--legal, technical, or educational--will put an end to online identity theft. "There's not one thing that's going to solve it," Eldridge says. "It's going to be a combination of things."