If Your Email Smells Phishy, Hit the Delete Key

In the March 29, 2006 edition

Tom Regan

If your e-mail smells 'phishy,' hit the delete key.

A record 9,715 phishing sites were reported in January. Most of these scams involved six well-known brands.

They almost got me. The e-mail from PayPal said that my account had a problem. To correct some faulty information, I was instructed to click on a link included in the message. Well, I didn't have a PayPal account, but I knew my wife did. Perhaps she had given my name or e-mail address as a backup.

But my spider-sense was tingling, so I decided not to use the link, but to visit PayPal's website directly. And that's when I saw the notice about the scam. Someone had been phishing, and I was almost hooked.

No, it's not a misspelling. Phishing has become the most pervasive form of criminal activity on the Internet today. Using a variety of methods, phishers send out e-mails that look like they are from legitimate companies or organizations. The messages lead people to fake websites where they try to collect personal financial information.

In the 10 years that phishing has existed, it's grown from rather clumsy operations to much more sophisticated endeavors. Law enforcement officials believe some are run by organized crime rings from around the world. According to one recent estimate, computer users in the US lost more than $929 million to these scams over one 12-month period.

These days the phishers also plant software (known as 'crimeware') on people's computers that records their keystrokes. The information is then sent back to scammers. Another trick is to get people to visit the actual websites of a company, but through a means created by the phishers which allows them to record your keystrokes.

According to the Anti-Phishing Workgroup, a record 9,715 phishing sites were reported on the Web in January.

About 80 percent of these scams involved six well-known brands. (One that I have been receiving recently was a regular stream of e-mails telling me about problems with my "Chase" account.)

The vast majority of these operations are based in the US, with Korea and China close behind. And here's a mind-boggling stat: Most of these sites only last an average of five days. So these folks run the scam, hook as many people as they can, and then get out of Dodge before the law can catch them.

Phishing is increasingly becoming a concern to Internet users, says Joe Laszlo, senior analyst for Jupiter Research in New York. When consumers were asked recently about what bugged them about the Internet, 53 percent said spam (no surprise there), but 35 percent said phishing, Mr. Laszlo notes.

"No matter how Internet savvy you are, all it takes is one time for a scam to fool you," he says. "And there is no depth to which the phishers won't sink. They will do anything to trick you."

After Hurricane Katrina struck last year, numerous e-mails spoofing the Red Cross appeared, as phishers tried to take advantage of people's desire to help people in the Gulf Coast. Recently, these scam artists have been spoofing the IRS in an attempt to use tax season as a way to trick people into divulging their personal information.

Software companies and law enforcement agencies are trying to do something about phishing. Last week, Microsoft announced it was taking legal action against 100 phishing operations based in Europe, Africa, and the Middle East. This follows a similar initiative by the company against 117 suspects in the US.

And in late February, AOL used a new Virginia antiphishing law to go after 30 phishers working for three international groups.

The increase in phishing is also behind the move by companies like AOL and Yahoo to offer "certified e-mail," Laszlo says. This type of e-mail costs a certain amount per message but ensures that the message comes from the people who sent it. The idea of paying for e-mail of any kind has raised objections from consumer groups and free-speech advocates. But it was recently endorsed by the Red Cross, after its experience with the Katrina scam.

Regardless of whether certified e-mail becomes a reality, you remain your own best protection against phishing. Beware any e-mail from a bank, financial company, or even the IRS, which indicates you need to visit their site to "fix" a problem, or because your "account is about to expire." Don't act, until you visit the company's website first, or call it on the phone, to find out if any alerts exist about phishing scams. Better to take extra time examining the worm on the hook, than being caught, landed, and gutted by an expert phisher.

Copyright 2006 The Christian Science Publishing Society.


[TELECOM Digest Editor's Note: It would have been good if Mr. Regan had mentioned the origin of the spelling of the term 'phishing'. Quite a number of years ago, when a small cross section of the public who were _not_ telephone company employees (which actually is the vast majority of us, since we are not employed by telco) began to show an inordinate degree of interest in the workings of telco (unusual if you are not employed by telco) their 'hobby' or 'interest' earned them the label of freaks where telco procedures and the instruments were concerned. Those 'freaks' disliked that word, which is disparaging, and adapted its spelling to what, in their opinion, was a less disparaging spelling: Since /f/ and /ph/ phonetically sound the same anyway, the freaks began spelling it 'phreaks'.

Ditto the word 'fraud' which could be spelled 'phraud'. Basically, they took words which begin with /f/ and began spelling them with /ph/ instead. Or at least, those words which they felt reflected a more 'positive' spin on things. I do not think the freaks ever did convert the word 'fraud' since there is very little, if any, positive use of that word. But I think you get my point.

Then along came the words 'fishing' and 'fish' and 'fisherman'. The meaning of the words is pretty obvious, especially when used in connection with a 'stream' which usually refers to a moving body of water, or as in more recent times, a body of data (such as a newsgroup) moves along down the stream between one site and another. On the perhaps erroneous assumption that all phreaks are bad people out to damage or destroy telco, someone about a decade or so ago decided to use the same phonetic spelling on 'fish' and variations that had been done with 'freak' and variations. I do not think most phreaks (who by and large consider themselves an educational and positive force in telecommunications) approve of the same thing being done to 'fish'.

Picture, if you will, a man with a rod and pole sitting on the side of a smelly old cess pool or septic tank amusing himself by examining all the rotten stuff pulled out of the water. So 'phishermen' rely largely on social engineering the way many 'phreaks' used to do to get the required information needed to make their schemes work. Just as ESS and more sophisticated telephone switching and billing systems required that phreaks get more sophisticated in their ways, likewise the 'phishermen' had to adapt as well. Anyway, to make a short story long, the obvious misspelling of 'fisherman' and 'fishing' got its start as a take off on freaks and 'phreaks'. PAT]
