Phishing, the practice of stealing credit card numbers and other sensitive information by spoofing legitimate businesses through email could cost consumers $500 million this year. In a new study of 1,335 Internet users, 70% said they'd unintentionally visited a spoofed website and 15% said they'd shared private information although only 2% reported an actual monetary theft. A study earlier this year by Gartner estimated that phishing scams result in $1.2 billion in loss to banks annually.
This week Amazon and Microsoft teamed up to sue several suspected phishers who've been spoofing Amazon's massive online store. The two companies are also working together to find technical solutions to the phishing problem.
Just today I received my first spoofed Amazon email informing me that if I didn't sign in and update my account information, my account would be suspended "Per the User Agreement, Section 9". It doesn't make sense, no, but it looks real, right down to the identical user sign-in. I can understand how normally savvy people could be duped; we're all so used to typing in our passwords and ID numbers dozens of times a day, we almost do it automatically. Just remember that no legitimate business would ask for sensitive information via email. You should never click any links in a suspicious looking email; they'll likely be sending you to a spoofed site.
From Information Week and the Washington Post.
Read more about the joint Amazon/Microsoft complaints.