The number of people purchasing products (goods and/or services) and executing financial transactions via the Internet has increased significantly over the course of the last several years. Many online enterprises have managed to attract and retain large customer bases resulting in significant growth and financial success. However, many successful online enterprises have not only drawn the attention of new customers, but they have also attracted unscrupulous persons seeking to defraud others.
One of the more common scams practiced by fraud perpetrators is referred to as “phishing.” Phishing involves sending an email to the users of a legitimate online enterprise and directing the users to visit a web site where they are asked to update personal information, such as passwords and/or credit card numbers, social security numbers, and bank account numbers, or any other number that may, or may not, already be on record with the legitimate enterprise. Both the email and the web site to which the user is directed are “spoofed.” That is, the email and the web site, commonly referred to as a spoof site, are purposefully designed to look as if they are from, or associated with, the legitimate online enterprise. However, in reality, the purpose of the phishing email is to direct the user to the spoof site, which exists for the sole purpose of stealing the user's personal information.
In a typical phishing scam, the perpetrator will target a large number of users of a large and well-established online enterprise, knowing that only a small percentage of the targeted users will actually provide the requested personal information. Once the perpetrator has stolen a user's personal information, the perpetrator can use that information fraudulently to the perpetrator's benefit. For example, the perpetrator may access the user's account at the online enterprise and enter into fraudulent transactions. For example, the fraudulent transaction may be for goods and/or services in an online commerce system (e.g., in a fixed price or an auction environment). Alternatively, the perpetrator may attempt to transfer money from one of the user's accounts to another account held by the perpetrator (e.g., in an online banking environment). When the user finally realizes his mistake in furnishing his/her personal information, typically it is too late as the negative consequences have already occurred.
Fraudulent activities, and phishing scams in particular, are a problem for online enterprises for a variety of reasons. One obvious problem related to these scams is the effect they have on consumer trust. Because online transactions are entirely automated and generally lack any person-to-person interaction, consumer trust is particularly important to online enterprises.
In addition, a large online enterprise frequently targeted by phishing scams must dedicate significant resources to dealing with the problems that arise as the result of such scams. For example, an online enterprise may employ several people to answer customer calls and investigate customer complaints resulting from phishing scams.