Wednesday, June 22, 2005

On phishing

I received three identical mail messages this morning, warning me that my account with the Deutsche Bank may have been compromised: I should go to a website (they kindly provided a URL) and type in my name, bank account number, ID, password, date of birth, shoe size and mother's maiden name.

The names of the senders were enough to prove that the mail was fraudulent:
    Escort R. Feet
    Snap O. Basil
and my favourite:
    Plunge E. Teepee

Well, really. How can anyone who is intelligent enough to operate an online bank account be so stupid as to believe a mail message from "Plunge E. Teepee"? A five-year-old child would recognize this name as a blatant lie and fall about laughing; why does it (or its like) fool so many allegedly educated, allegedly responsible adults? (And we let these people vote?!)

For those who are unsure whether Mr. Teepee is really on their side, here are three simple rules:

1) Every unsolicited e-mail offering to solve a problem you didn't know you had is an attempt to defraud you.

2) If you are still unsure, call the company concerned and ask them about it (do not use any contact information in the e-mail; look them up in the phone book or on a recent bill).

3) However, even if the company says that the threat is genuine, do not use the URL in the e-mail. Go to the company's usual website in the usual way, using your usual browser. It's easy to fake a URL; try this link to the Microsoft home page for an example. The link text that you see bears no necessary relationship whatsoever to the webpage it points to.

It speaks poorly of us as a species that so simple a trick as phishing can work so well.
