Dot Commentary

By Tracey E. Schelmetic
Editorial Director, CUSTOMER INTER@CTION Solutions™

Passing Up On The Phishing Expedition

You know what phishing is, right?

Phishing is the term used when “enterprising cyber criminals” (hereafter termed, for the purpose of brevity, “repugnant losers who are incapable of earning their own money, so they steal yours”) create e-mail messages that appear to be from companies like Citibank, eBay or PayPal in an attempt to gain password and bank account information from gullible cyber victims. It apparently works. GartnerGroup estimates that nearly 1.8 million Americans have fallen victim to some sort of phishing or spoofing scam. (“Spoofing” is the practice of setting up fake Web sites created to appear like an official site.)

Personally, I have dozens of phishing e-mails wash through my inbox every day. They’ll read something like this: “Your Account Information Needs Updating!” Upon opening the e-mail, you’ll find an official looking missive, complete with logos and the same type fonts used by the organizations from which they are supposedly sent. One click will lead you to the fake, “spoofed” Web site, where you’ll be asked to enter all sorts of personal information such as user names, passwords, bank account numbers, credit card numbers, checking information, mother’s maiden name, etc.

With the second click, you’ve just divulged your personal information to a 15-year old nose-picking-cyber-criminal-wannabe who, to add insult to injury, won’t even spend your money on something worthwhile, like a trip abroad or dinner at the best seafood restaurant in town. A day, a week or a month later, your checking account is overdrawn, your credit card is full of charges for 1-900-Dial-A-Girl-For-Losers-Who’ve-Never-Actually-Talked-To-A-Real-One-Before, your PayPal account is zero, and finally, your mother’s maiden name (which is apparently the mysterious, secret key that allows our lives to function properly in the modern world) is available to the entire 7^th-grade class of Jedediah Penobscot Junior High School in Seekonk, Massachusetts.

Sound preposterous? Nearly two million people in this country have fallen for it. Consider this a public service announcement.

1. eBay, AOL (news - alert) and PayPal (news - alert) have already stated that they will NEVER ask you for your account information via an e-mail. Check the policies of any other businesses you interact with online.

2. Never believe any e-mail, no matter how official looking, that asks for any personal information. I recently had a credit card expire, and the online DVD rental company Netflix sent me an e-mail asking me to update my account with my new card information. I deleted the e-mail and went directly to the Netflix Web site and changed my information that way.

3. Guard your social security number like it’s the last pint of Ben & Jerry’s New York Super Fudge Chunk in the world. There are two parties who need your social security number: your employer and the U.S. government. No one else should be asking for it, and you can and should deny it to anyone else who asks for it. That includes your doctor.

4. When in doubt, call the company that supposedly issued the e-mail request.

5. If any of your passwords are comprised of your name, your birth date, your anniversary, your pet’s name or something simpleminded like “password,” change them immediately. Cyber-criminals may be repugnant losers, but a few of them are not stupid.

Finally, if you’re looking for a really great password, try a 50-dollar word like “obfuscation” or “sycophantic.” You know…a word the 7^th graders haven’t gotten to in vocabulary class yet.

The author may be contacted at [email protected].