IDENTITY THEFT: “PHISHING” FOR VICTIMS

Identity theft is prevalent in the news now. The thieves use Spyware: worms to monitor keystrokes and steal passwords. They’ve advanced way beyond the old fashioned ways, like searching your dumpster looking for discarded receipts.

Now they’ve become more brazen than ever, using “phishing,” or emails pretending to come from a known and trusted source. Some of their messages are so silly, that victims who fall for them can only be called willing, given all the publicity about security and identity theft that wafts through the airwaves daily.

There are “phishes” so comical that they’ve become national jokes, like the Citibank commercials:

Yet thousands of people clicked. They filled out their account number, personal information, credit card numbers, and so on. They’ve fallen not only for Citibank ads, but for mortgages, drug ads, vitamins, porn and most anything else you can think of.

Phishing has become so widespread that it’s become the identity theft technique of choice. The key is, unlike worms of viruses, it requires your cooperation. You must opt into it.

What do I mean by opting in? It’s what you do when a Web site page asks during a commercial transaction if you want to receive its weekly email newsletter featuring great deals. If you click ‘yes’, you’ve opted in.

Phishing or spoofing hits most people’s mail boxes many times a day. They often look like legitimate emails from substantial companies like banks, PayPal, eBay and so on. They explain is clear language that its time to update your records or to provide some additional information to access new futures. They often link to an official looking Web site with authentic company logos.

Even the URL looks legitimate. The page will ask to enter your user name, password and probably your credit card information.

Up to this point, the only crime that has occurred is the case the company may have against the spoofer. The spoofer is only asking you for information, albeit under false pretenses. At this point, if you give the information, you opt in.

If a woman walks through the notoriously bad part of town at 2am in a short skirt and revealing blouse, it’s no surprise if she gets raped. The rape is a crime. She didn’t deserve it – but nonetheless it’s a really stupid thing to do. The phishers would say she “opted in” to getting raped.

Please don’t let your computer walk around the bad side of e-town and get phsihed. That’s the purpose of this column, to help protect you against these dangers. Are you running Spy Sweeper? JV 16 tools? Norton Anti-Virus, PGP 8.1? Do you have your firewall up?

So — You don’t actually give your credit-card details to web sites you’re directed to by email, right? If so, I have some shares to sell you in the Third Temple.