How to Save the World

Dave Pollard on the art and science of Weblogging.

MADE IN CANADA

trust your instincts

< £ Salon Bloggers & >

December 21, 2005

The Phishing Menace

Like everyone else, I find spam annoying, but I also acknowledge that unwanted sales pitches of one kind or another are ubiquitous: I also find billboards, and commercials, and telephone solicitors, and every other kind of time-wasting unsought sales promotion annoying. This is primarily an education problem: Once customers all realize that it makes more sense for them to initiate commercial transactions, starting with research, and realize that they have the power and knowledge to do so to their own advantage, unsolicited sellers of all kinds will have to give up.

Phishing, by contrast, is not annoying, it's dangerous. It's not overzealous promotion, it's crime: fraud and theft. It is also, currently, harder to filter, and becoming more sophisticated. The consequences of allowing your credit information to be stolen by a phisher can be catastrophic -- huge financial losses, loss of credit, legal expenses, harassment by collection agencies for the phisher's debts, the major time commitment required to cancel and re-establish stolen credit lines, wholesale changeover of e-mail addresses and telephone numbers etc. Victims not infrequently end up being charged with criminal acts and even declaring bankruptcy.

Just in case there's anyone who doesn't know what phishing is, in its simplest form it is impersonating (called 'spoofing') -- usually via e-mail -- a company you deal with commercially (banks, credit card companies, Amazon, eBay, PayPal, VeriSign and Symantec are favourite targets), and fraudulently enticing you to go to the phisher's site and enter personal financial information which the phisher then uses to enter into financial transactions for his own benefit, charged to your account. There are several more sophisticated varieties of phishing as well. Sixty percent of phishing is attributed to criminal organizations in the US and China.

With enough familiarity, e-mail users learn that reputable financial and business organizations never solicit such information via e-mail, and delete or even report phishing messages to criminal authorities. But it's harder and takes longer than deleting spam, for which filters at least can be set up. And for occasional or new users of e-mail these messages, which often threaten cancellation of credit or other penalties if you do not volunteer this personal financial information, can be frightening and intimidating. On the one hand they're told that supplying your credit card information online to known vendors is common, safe and secure, and on the other they're told not to divulge any information requested by e-mail even if it appears to come from these same known vendors. If the digital divide weren't wide enough already, an experience with phishers is enough to make timid newbies throw in the towel entirely on e-mail and e-commerce.

The Anti-Phishing Working Group, which is supported by the most popular impersonation targets, is using 14 different methods to combat the crime. The one that seems to offer the most promise is called e-mail authentication, and involves using methods to verify that the organization sending you an e-mail is indeed who they say they are. These are still in the early stages of development, and not yet ready to deploy to the public.

You should of course never click on the links of phishing sites, even out of curiosity -- sometimes just visiting these sites can infect your machine with spyware and other malware. Traditional wisdom when dealing with phishers is to report them by forwarding (as an attachment) the phishing e-mail to anti-phishing authorities, though I confess I get so many phishing messages now this would take up most of my day. If you inadvertently provided credit card, debit card or bank account data to a phisher, you should immediately cancel the credit card or notify your bank about the compromised debit card or account. Microsoft offers some additional steps you can take to reduce the risk and consequences of phishing.

There are some anti-phishing tools out there: Netcraft (be sure to read the tutorial on how to recognize a phishing site using this tool), EarthLink and SpoofStick. If anyone has used any of these (or other) anti-phishing tools and has comments on their value, I'd like to hear from you.

6:27:02 PM trackback [] comment []

SEARCH SITE
How to Save the World

Technorati Cosmos

Subscribe to this blog by

HOME

E-mail Me

BIO, SIGNATURE ESSAYS

How to Save the World

What You Can Do

The Only Life We Know

Save the World Reading List

The End of Philosophy

Personal Productivity

The Blogging Process

The Wal-Mart Dilemma

The Job of the Media

Poem: Driving in Neutral

About the Author

TABLE OF CONTENTS (updated to Oct.26/05)

· Language & Narrative

· Global/Local Politics

· Corporatism/Free Trade

· Media/The Political Process

· Economics

· The Education System

RECENT POSTS BY CATEGORY

BLOGS & RESOURCES I READ

Creating Passionate Users

Crispyneurons Photoblog

Daily Dose of Imagery

Technical Difficulties

Texting

A Thousand Words Photoblog

Flemming Funch Absara

Jon Husband - Wirearchy

Judith Meskill's SocSW Blog

Misbehaving

Gary Lawrence Murphy

Myst Dave's Business Posts

Social Software Group

ALF

Conservation International

ELF

Environmental Defence Canada

Environmental Health News

Environmental NewsNet

Howling at a Waning Moon

Human & Other Extinctions

Impact Analysis

Intentional Communities

Donella Meadows Archive

NEF

NPG

NRDC

One World

One World Canada

Ontario Environment Directory

Population Reference Bureau

Sustainability Institute

Union of Concerned Scientists

WorldChanging

World Resources Institute

CBC

CommonBits Multimedia

American Politics Jnl

American Street

Asheville Global Reporter

Blargblog

Blog Left

Bob's Links and Rants

Body & Soul

Buzzflash

Carpe Datum

Center for American Progress

Guerilla News Network

Just Well Mixed

Left Coaster

Liberal Street Fighter

Revolutionary Moderation

Fried Green Al Qaidas

Girl in the Locker Room

Gripes from the Grumpy Girl

It's Not Me It's You

Dick Jones Patteran Pages

What Happens..Tell a Lie

World According to Chuck

World O' Crap

SALON BLOG LISTS AND OTHER BLOG TOOLS

Rankings

Recent Updates

Technorati Cosmos

Bloglines My RSS Subscribers

Eatonweb Blog Directory

The thoughts expressed herein are strictly those of the blogger.

WHAT THE BLOGOSPHERE WANTS MORE OF

Blog readers want to see more:

original research, surveys etc.

original, well-crafted fiction

great finds: resources, blogs, essays, artistic works

news not found anywhere else

category killers: aggregators that capture the best of many blogs/feeds, so they need not be read individually

clever, concise political opinion (most readers prefer these consistent with their own views)

benchmarks, quantitative analysis

personal stories, experiences, lessons learned

first-hand accounts

live reports from events

insight: leading-edge thinking & novel perspectives

short educational pieces

relevant "aha" graphics

great photos

useful tools and checklists

précis, summaries, reviews and other time-savers

fun stuff: quizzes, self-evaluations, other interactive content

Blog writers want to see more:

constructive criticism, reaction, feedback

'thank you' comments, and why readers liked their post

requests for future posts on specific subjects

foundation articles: posts that writers can build on, on their own blogs

reading lists/aggregations of material on specific, leading-edge subjects that writers can use as resource material

wonderful examples of writing of a particular genre, that they can learn from

comments that engender lively discussion

guidance on how to write in the strange world of weblogs

This work is licensed under a Creative Commons License.