September 26, 2005
EMAIL Hell - PayPal Phishing on the Rise
The recent trio of natural disasters (Hurricane Katrina, Hurricane Rita, and the Demi Moore / Ashton Kutcher wedding) has pretty much dominated the headlines, but there are other terrible things happening, too. In particular, there has been a recent spike in PayPal phishing.
Phishing is a type of spam email. It purports to be a notice from a financial institution (the earliest examples pretended to be Citibank). You are told that you need to click on a link and provide some information. In most cases, the URL displayed in the EMAIL will be completely different from the one to which you are sent. For example, the following URL appears to be the Huffington Post, but if you click it, you'll be taken to a picture of me: http://www.huffingtonpost.com. Sadly, the phishing emails do not send you to pictures of me. Instead, they take you to a series of forms where you'll be asked to enter information that the phishers can use to steal your identity.
Like advertising spam, phishing emails are sent by robots. (This is why they keep trying to steal Bruce's identity, even though it would make more sense to steal from Bruce's wife or daughters, all of whom have bigger bank accounts.) Often, they'll notify you of problems with accounts you don't have:
From: customerservice@ukrainetrust.com
To: ferdy@conservativecat.com
Dear Mr. Cat:
Your account here at the Ukranian National Trust was recently accessed by someone in Washington DC. We need to verify your identity. Please call 1-888-555-FAKE and be ready to tell us your name, date of birth, social security number, account number, and any other data we need to withdraw all your funds.
In other cases, they'll tell you that someone might have stolen your email password. To make it believable, they will spoof the FROM address so that it appears to be somebody official. This can be very believable if you have an AOL or COMCAST email, but is less effective when your email address belongs to your blog domain.
From: webmaster@conservativecat.com
To: carnivals@conservativecat.com
Dear Carnivals:
Due to violations of our policy on email usage, we have suspended your CONSERVATIVECAT account. Please read the attached document to install a virus on your computer that we can use to make denial of service attacks on CNN.com.
They never explain how it is that my suspended EMAIL account is still receiving offers to visit the web site of Crystal the Japanese Webcam Girl.
The Internet email system is at a crisis point because it's so cheap. There is no cost to sending email, so bad guys send out massive amounts of it without worrying about the cost. Making EMAIL expensive is problematic because the decentralized international nature of the Internet makes it difficult to police. Phishers are committing demonstrable fraud, but by the time an individual phisher's location is known, he's moved to another location: hopping between servers is cheap and easy, too.
The free market is already responding to this problem. The most popular internet server software, Apache, has an add-in called SpamAssassin that can be configured to delete most spam before it reaches your inbox. AOL has a proprietary filter that it has been hawking heavily in its television commercials. Nonetheless, most Internet users would like a solution that puts spammers in a remote prison, preferably one in which they would be bombarded with constant loud advertisements for bogus male enhancement products and Rolex knock-off watches.
This is unlikely to happen anytime soon. In the meantime, treat everything you read in EMAIL with the same skepticism you use when watching CNN. You can't be too careful nowadays.
Respectfully submitted,
Ferdinand T. Cat
At Mon 1:06 PM
Comments
The latest version I get actually uses my username in the from field!!! That these idiots think I am going to open up attachments from me that I never sent makes me wonder if spamming has fallen into the hands of incompetents.
Posted by: The Owner's Manual at September 26, 2005 10:07 PM

