Less than a week after president Bush signed into law a measure to combat cyber-identity theft, Internet con artists last week unleashed a new form of phishing bait: a double whammy of instant messages and e-mail to fool America Online Inc. subscribers into handing over their credit card numbers.
The latest phishing tactic, which spread widely across the Net over several days, was the first phishing ploy to use a combination of IM and e-mail as a lure, according to the Anti-Phishing Working Group, of Redwood City, Calif. The fraudulent scheme warns that "AOL billing information is out of date" and links to a fake site that displays the legitimate AOL URL, hiding the fake site"s URL.
The increasingly insidious methods of online fraud suggest to some in the policy arena and in industry that much stronger tools are needed than those provided by the Identity Theft Penalty Enhancement Act signed into law July 15. The new law creates tough punishments for stealing IDs in conjunction with committing another crime (such as stealing money), but it does not make the process of phishing itself a crime and does not establish new safeguards for online transactions.