You receive an innocuous-looking e-mail from, say, your bank, your stock brokerage or a utility company.
The e-mail asks you to "verify" or "re-submit" personal data -- such as bank account or credit card numbers; passwords or personal identification numbers -- using a return e-mail or a form on a linked website.
But, if you do, thieves hiding behind the seemingly-legitimate website or e-mail can use the information to withdraw money from your bank account, pay for online purchases using your credit card or even sell your personal information to other thieves.
Welcome to the world of "phishing" in China, where scamsters are casting their net ever wider, even as the police and financial institutions are grappling with ways to fight back.
Phishing is the sending of an e-mail to a user falsely claiming to be a legitimate enterprise to trick the user into giving out private information that can be used for identity theft.
Phishing, also referred to as brand spoofing or carding, is virtual fishing -- bait is thrown in the hope that, while most will ignore it, some will be tempted into biting.
Figures show there is cause for alarm in China: More than 540 phishing cases were reported in the first quarter of this year, about half the number reported over the whole of last year.
The data was revealed in Beijing yesterday during a workshop on fighting online crime given by Zhao Shiqiang, an official with the Ministry of Public Security engaged in Internet safety supervision.
"Phishing has become the hottest and most troubling new scam on the Internet and is dramatically spreading in China," Zhao said.
He said of the known websites used for phishing worldwide, 12 per cent were found in China, second only to the United States.
"The financial services industry has taken the biggest hit," said Zhao, adding that 80 per cent of the reported phishing attacks are targeted at the sector.
Li Xiaofeng, a senior official with the People's Bank of China, the central bank, said phishing poses a severe threat to the rapid development of online financial services in the country.
Industrial and Commercial Bank of China (ICBC) -- which was hit by phishing last year -- saw more than 140 billion yuan (US$17 billion) of online transactions between January and April this year, Li said.
"The volume of online transactions in ICBC now accounts for a quarter of total turnover. But phishing seriously threatens the safety of online banking and dampens customer confidence in e-commerce," said Li, mentioning a case last year in which phishers used a bogus site -- "1CBC" -- in place of "ICBC" to extract customers' personal information. He did not reveal the extent of losses, if any.
Li stressed that financial institutions need to invest in technologies -- such as one-time "identity tokens" or smart cards in addition to user names and passwords -- to make e-commerce safe for customers.
He advised netizens not to provide personal information to websites using a link from an e-mail or an Internet advertisement, however legitimate it may appear.
(China Daily June 16, 2005)