Passing Up On The Phishing Expedition
You know what phishing is, right?
Phishing is the term used when “enterprising cyber criminals” (hereafter
termed, for the purpose of brevity, “repugnant losers who are incapable of
earning their own money, so they steal yours”) create e-mail messages that
appear to be from companies like Citibank, eBay or PayPal in an attempt to
gain password and bank account information from gullible cyber victims. It
apparently works. GartnerGroup estimates that nearly 1.8 million Americans
have fallen victim to some sort of phishing or spoofing scam. (“Spoofing” is
the practice of setting up fake Web sites created to appear like an official
site.)
Personally, I have dozens of phishing e-mails wash through my inbox every
day. They’ll read something like this: “Your Account Information Needs
Updating!” Upon opening the e-mail, you’ll find an official-looking missive,
complete with logos and the same type fonts used by the organizations from
which they are supposedly sent. One click will lead you to the fake,
“spoofed” Web site, where you’ll be asked to enter all sorts of personal
information such as user names, passwords, bank account numbers, credit card
numbers, checking information, mother’s maiden name, etc.
With the second click, you’ve just divulged your personal information to a
15-year-old nose-picking-cyber-criminal-wannabe who, to add insult to injury,
won’t even spend your money on something worthwhile, like a trip abroad or
dinner at the best seafood restaurant in town. A day, a week or a month
later, your checking account is overdrawn, your credit card is full of
charges for
1-900-Dial-A-Girl-For-Losers-Who’ve-Never-Actually-Talked-To-A-Real-One-Before,
your PayPal account is zero, and finally, your mother’s maiden name (which
is apparently the mysterious, secret key that allows our lives to function
properly in the modern world) is available to the entire 7th-grade class of
Jedediah Penobscot Junior High School in Seekonk, Massachusetts.
Sound preposterous? Nearly two million people in this country have fallen
for it. Consider this a public service announcement.
1. eBay, AOL and PayPal have already stated that they will NEVER ask you for
your account information via an e-mail. Check the policies of any other
businesses you interact with online.
2. Never believe any e-mail, no matter how official-looking, that asks for
any personal information. I recently had a credit card expire, and the
online DVD rental company Netflix sent me an e-mail asking me to update my
account with my new card information. I deleted the e-mail and went directly
to the Netflix Web site and changed my information that way.
3. Guard your social security number like it’s the last pint of Ben &
Jerry’s New York Super Fudge Chunk in the world. There are two parties who
need your social security number: your employer and the U.S. government. No
one else should be asking for it, and you can and should deny it to anyone
else who asks for it. That includes your doctor.
4. When in doubt, call the company that supposedly issued the e-mail
request.
5. If any of your passwords are composed of your name, your birth date, your
anniversary, your pet’s name or something simpleminded like “password,”
change them immediately. Cyber-criminals may be repugnant losers, but a few
of them are not stupid.
Finally, if you’re looking for a really great password, try a 50-dollar word
like “obfuscation” or “sycophantic.” You know…a word the 7th graders haven’t
gotten to in vocabulary class yet.
The author may be contacted at [email protected].