HELSINKI, Finland – Twenty years after the first PC virus was set loose, organized criminal gangs are flooding the online world with increasingly wide phishing scams. That's the view from F-Secure Corp., the international Internet security firm, which found in a recent scan of top-level domain names (.com, .net, .biz, etc.) that such big names as eBay, Chase and CitiBank had 8,057, 497 and 407 Web sites, respectively, show up with their names in them. Some of those are, of course, legitimate but "typically, most are there to separate the foolish and their money," Helsinki-based F-Secure (www.f-secure.com) says in its report on the state of online security for the first six months of 2006. The company also noted that in addition to phishing attacks-in which criminals far afield hope to dupe the unsuspecting into logging real information into a fake Web site-it knows of more than 185,000 computer viruses, a number it says continues to grow rapidly. F-Secure also notes that it now has been 20 years since the first one appeared in 1986. It was called Brain and spread through floppy disks. However, in those 20 years, "the most significant change has been the evolution from virus-writing hobbyists into criminally operated gangs writing viruses for financial gain," says Mikko Hypponen, F-Secure's chief research officer. And while many of the phishing attempts are ham-handed bids to lure consumers to sites purporting to be from banks and credit unions where they don't even have accounts, others are quite deceiving. In a recent study examining phishing Web site techniques, it turns out that the most visually deceptive spoofed site was able to fool 90% of the study's participants, including technically advanced users, F-Secure says in its report. The reason-human nature. "It was the look, not the spoofing of security features that did the job," Hypponen says. He says that fraudsters designing visually deceptive phishing sites "count less on technical subterfuge than on the failings of the human brain's power of perception. If it looks like what the brain is expecting, then the brain often won't see that it isn't." Hypponen also says he would like to see financial institutions allow users to customize their online banking interface with a picture they choose-a pet, a family member, something they would notice if it was missing. "There are companies that are working on visual personalization technology," the lead F-Secure researcher says, "and we think that's a good idea that could significantly reduce the size of the phishing net." [email protected]