Editor's Letter

Feb 1, 2006 12:00 PM, LARRY ANDERSON, EDITOR


         Subscribe in NewsGator Online   Subscribe in Bloglines

We all get the so-called phishing e-mails. Those are the ones asking you to verify your account information, but which really come from someone trying to steal your account information. They look really believable as if they come from the alleged supplier, which loses some credibility if you do not have an account with that supplier. I have never heard of anyone actually falling for the scam, although there probably are some people who do. And given the millions and millions of such e-mails that go out (without cost to the sender), a tiny response rate would be enough to justify the effort. The fact that they keep showing up in my inbox suggests there is some return on the effort.

Curiosity leads me on occasion to actually read and examine these e-mails (and also, I have to admit, the ones from that unfortunate African individual trying to get money out of the country). Although I am not fooled, I have to say the approaches are getting quite sophisticated. And nervy. The guys who think of this stuff either have a lot of nerve or a sense of humor. Maybe both.

An e-mail I got yesterday, allegedly from PayPal, approached the subject like this: “Due to [the] upcoming year 2006, and recent changes in PayPal's Service Agreement, you need to submit additional details on your PayPal account.” In case I'm still not convinced, the e-mail offers this assurance: “Identity protection matters. And PayPal works day and night to help keep your identity safe.”

Also offered in the e-mail are several “Identity Protection Highlights:”

  • A “new spoof tutorial” that will help you “learn how to spot and avoid fraudulent ‘spoof’ e-mails and Web sites.”

  • A “SafetyBar tool” to guard yourself against “spoof” e-mails and fraudulent Web sites.

  • A “checklist if you are a victim,” which would presumably include an item along the lines of “If you responded to this e-mail, you are a victim.”

To add urgency to the appeal, the message warns that “any unverified account will be deleted from the system in 72 hours after receiving this letter.” (We all dread being “deleted from the system!”)

A similar e-mail from eBay the same day warned: “Responses sent using e-mail will not reach the eBay member. Use the Respond Now button to respond to this message.” The e-mail warns of a possible “unpaid item strike” and urges me to “log into [my] account right now to rectify the problem.” (At the bottom it gives me a Web site to go to “learn how [I] can protect [myself] from spoof (fake) e-mails.”

Isn't it nice when criminals warn you about becoming a crime victim right before they make you into a crime victim? It's like a guy with a gun who scolds you for walking alone on a dark street at night — and then shoots you.

YOUR THOUGHTS

We are looking for reader feedback. E-mail larry.anderson@penton.com and tell us what you think!

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

Today's New Product

Product 1 Image

Privaris Biometric Verification Software

In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.

To read more...


Govt Security

Cover

This month in Access Control

Latest Jobs

Popular Stories

Resources

Back to Top