It was Christmas Eve 2003 when Nancy Boyle, 52, decided to check her bank account online to make sure there was enough cash to cover a last-minute shopping trip. But instead of finding $1,800 as she expected, she had a zero balance.
Nancy and her husband, Dan, the parents of four grown kids, had been robbed by phisher scammers. Weeks earlier she'd received an e-mail that looked like it was from her bank, warning her about possible fraudulent activity on her account and urging her to log in and confirm her personal information. But the e-mail was actually from phishers, who linked her to a bogus Web site that looked just like her bank's. The scammers used that info to clean out her available funds.
Unfortunately, the Boyles are not alone -- Gartner, Inc., estimates that 3.5 million Americans have fallen prey to phishers. Victims lost more than $2,800 on average in 2006, and have recovered only 54 percent of their money.
Nancy was lucky. She reported the fraud to her bank the next day and her money was refunded quickly. She had to file a police report, close all of her accounts, then open new ones. Her eBay user name had also been snatched by the thieves, who were trafficking in stolen goods on the strength of her reputation -- she and Dan operate a home decorating business in Wisconsin -- so she had to contact eBay's corporate office too. Once that was straightened out, the Boyles thought they had put their problems behind them. But exactly one year later, on Christmas Eve 2004, Nancy checked her new account. This time $2,400 had been taken. She'd been victimized by a keylogger -- a piece of software that detects when you visit a banking site, captures your keystrokes, then sends the data to crooks who extract user names and passwords. The Boyles promptly installed security software to prevent future incidents.