Phishing in the Fund Pond

As a former prosecutor, I am not overly fond of criminals (although, who is?). But every so often, I have to admit I really admire their ingenuity.

Take this story from Thursday's Wall Street Journal: Earlier this week, the SEC filed a complaint against a website called FairPax.com that spoofed the real sites of the Pax World Funds, which include Pax World Growth (FUND:PXWGX), Pax World Balanced (FUND:PAXWX), and Pax World High Yield (FUND:PAXHX), to reel in unwary investors. The fact that FairPax.com promised the unlikely sum of more than 650% annual returns apparently failed to set off alarm bells for visitors to the site.

Some victims are believed to have not only filled out application forms, but also sent in money to open up accounts with the phishers. ("Phishing," by the way, refers to a tactic used by Internet-based fraudsters to elicit personal and financial information, passwords, etc., that the phishers can use to commit further fraud. Read all about the phenomenon in Dayana Yochim's primer on Stupid Credit Tricks.)

Now, the taking-candy-money-from-babies aspect of the fraud doesn't really impress me. It's little more than a high-tech variation on selling bridges in Brooklyn or swampland in Florida. But I am impressed with the ingenuity of the plan for stealing personal information.

Think back to the last time you applied to open a brokerage or mutual fund account. Account openers need to provide full names, social security numbers, credit card and bank account details -- a veritable treasure trove of information. Since the FairPax.com scam was conducted online, its victims probably also created user names and passwords -- or more likely used the same ones they use for their other financial accounts.

Thus, in one fell swoop, the phishers acquired their victims' names, the location of their money, and the information needed to access it anonymously over the Internet. Quite a haul, even before the victims actually funded their FairPax.com accounts. How long, you have to wonder, before similar phishing attempts begin to imitate the websites of online brokers Schwab (NYSE:SCH), E-Trade (NYSE:ET) or Ameritrade (NASDAQ:AMTD)?

Citigroup (NYSE:C) banking customers were hit by a phishing attack last year. It's mutual fund customers this year. I suspect that discount brokers cannot be far behind. Let's be careful out there.

Want help finding mutual funds that are not only legitimate, but actually outperform the market? Consider a 30-day free trial to Motley Fool Champion Funds .

Fool contributor Rich Smith owns no shares in any company or fund mentioned in this article.