October 24, 2005

EMAIL Hell - New Phishing Scam

by Ferdinand T Cat

There is a new style of phishing spam making the rounds. Phishing, of course, is the term applied to EMAILs that gather data to be used for identity theft. The key to any phishing email is the hook, that is, the story told to get your attention. The well-known Nigerian scam is the father of all phishing schemes, but the modern variants use things like JavaScript and disguised hyperlinks so they can get your identity information immediately instead of negotiating for it over the phone.

Early phishing EMAILs claimed to be from banks. The first ones involved Citibank, who now have a page on their website warning you about the things. As a result of this, no bank in its right mind communicates via EMAIL any more. (Chase Manhattan customers: before you tell me I'm wrong, note the key qualifying phrase in its right mind.)

More recently, phishers have been using eBay or PayPal, hooking you with a story that makes you think someone else is using your account. The latest scam works this way: they tell you a new EMAIL has been added to your account.

If it were true, this would send chills down anybody's spine: a total stranger has access to your money. But in fact, it's a completely bogus notification. As a matter of policy, neither PayPal nor eBay will ever send you a security-related EMAIL with a link in it. This trick will soon spread to other institutions, so if (for example) you get something from Chase Manhattan Bank telling you there's a new user on your online account, don't click on anything in the message and don't open any attachments. If you want to test the link, copy the text and paste it in your browser, and make sure the domain name is legitimate first. (For example, http://email.chase.com is legitimate because it is a subdomain of chase.com, and http://www.chase.com is the real live Chase Manhattan Bank, but http://paypal.worldmovie.com is bogus because it belongs to worldmovie.com, while PayPal is at http://www.paypal.com.)
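The domain check described above can be automated. The following is an added example, not part of the original post: it pulls every link out of an HTML email body, works out the host the browser would really contact, and flags links whose host is not a trusted domain or a subdomain of one. The `TRUSTED` list, the `SAMPLE` message, the `www.chase.com.example.net` host and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"chase.com", "paypal.com", "ebay.com"}  # assumption: the reader's real providers
SAMPLE = (  # constructed email body, not a captured message
    '<a href="http://paypal.worldmovie.com/confirm">http://www.paypal.com</a> '
    '<a href="http://www.chase.com.example.net/login">Click here</a> '
    '<a href="http://email.chase.com/alerts">Chase alerts</a>'
)

def host_of(url):
    """Lowercase hostname a browser would contact, or None if unparseable."""
    try:
        host = urlsplit(url if "://" in url else "http://" + url).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def is_trusted(url, trusted=TRUSTED):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = host_of(url)
    return host is not None and any(host == d or host.endswith("." + d) for d in trusted)

class LinkAudit(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    """Return (href, reason) for every link whose real host is not trusted."""
    parser = LinkAudit()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if not is_trusted(href):
            disguised = "." in text and " " not in text and is_trusted(text)
            findings.append((href, "disguised link" if disguised else "untrusted host"))
    return findings
```

Matching on the end of the hostname with a leading dot is what keeps `notpaypal.com` and `www.chase.com.example.net` from passing as trusted.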

Finally, we need a treaty-enforced policy against identity theft so that we can put these guys in jail. Although I am technically a hard-line fiscal conservative, I would be willing to support a government slush fund to send a group of foreigners to a fancy resort once a year if (and only if) it means we can send the army into the Ukraine to violently drag Roman Vega's business partners out of their homes for immediate shipment to Guantanamo prison.

I think an awful lot of people would agree with me.

Respectfully submitted,

Ferdinand T. Cat



Comments

I got a new phishing scam too. I got email saying my Bellsouth password had been changed! It looked pretty convincing, but the only way to "confirm" that I had changed it was to email them. Of course I didn't, but I did call Bellsouth and told them about it. Kind of a stupid scam, considering you have to use your password to read your email, but I'll bet some people will fall for it.


Posted by: Beth at October 24, 2005 10:24 AM

Yes, unfortunately we got phished recently (note: don't let sleep-addled humans near a computer).

Thankfully it was reported immediately and stopped without any losses, but still... I would fully support any cruel and unusual punishment for phishers (string 'em up right alongside all hackers/worm creators).


Posted by: Gigolo Kitty at October 24, 2005 11:01 AM

Don't open those fake email password changing scams. If you have not recently changed your password, DELETE it immediately. I replied to say screw you scammers you are not getting my password but luckily for me my Norton notified me that the email contained a malicious worm so I quarantined it and deleted it. (Sorry for spelling, I'm sleepy.)


Posted by: nick at November 1, 2005 7:51 PM
