The following (sad) letter yesterday from reader H demonstrates why phishing works:
Dear Sir:
Phishing
Any Joe Sixpack Can Be A Phisher
By 3.17.08
The popular conception of phishers is of shadowy electronic masterminds, using a mix of technical prowess, deception and anonymity to trick consumers into handing over the bank account details. Actually, most of them are too stupid to design their own websites. That’s what two security researchers found when they delved deep into the online phishing community.
Animals Bring Phishing Call To Life
By 2.27.08
Chris went ahead and added some animal pictures to make a video of that phone call between a scammer and a Southern gentleman. A weasel plays the Indian phisher, a houndog plays the gentleman, and a goose plays his wife. Go back to the post and watch it, it’s even funnier than the original.
Man Records Phishing Call
By 2.26.08
–> A man in Virginia who apparently likes to record suspicious phone calls captured a very funny 10-minute talk with the world’s clumsiest phisher who called his house trying to get his bank account number. His local news station reports, “Howard says he recorded it because he wanted to help people by putting it on the news.”
USPS & FTC Mail Out "Avoid ID Theft" Brochure
By 2.21.08
Today we received a handy brochure (PDF) in the mail from the postal service. “Deter, Detect, Defend,” it reads, and it offers a bunch of handy reminders of what to look out for when it comes to protecting your identity, and what to do if you suspect it’s been stolen. If yours was stolen (ha ha, we kid!), you can read read or download it from the FTC’s ID theft website.
Is HSBC Straining Under An "Unprecedented" Wave Of Fraud Activity?
By 2.20.08
If you’re an HSBC customer, check your account, as there may be a wave of fraudulent activity hitting your bank. Two days ago we wrote about the guy in the U.S. who discovered his account had been drained by someone in Bulgaria. Later that day we received an email from Emily in NYC who was having similar problems, only her fraud-buddy was in California and Canada making withdrawals on her account.
Emily’s fiancé wrote back to us today with an update, and according to Emily, the HBSC Fraud Investigator who spoke to her “said that their fraud department was so overwhelmed, it was ‘still in the developing stage of how we’re going to handle’ it. I asked if she knew how many customers were affected and she stated ‘We don’t even know.'”
IRS Warns Consumers Not To Fall For Rebate Scams
By 1.31.08
The IRS would like you to know that its not planning on emailing you about your tax rebate. “The IRS does not send unsolicited e-mail about tax account matters to individual, business, tax-exempt or other taxpayers,” the agency warned yesterday.
Phishers Turn To Text Messages
By 1.16.08
Phishers are now turning to text messages to get people to fork over their personal banking information. Con artists targeting southwest Missouri sent text messages to hundreds of cellphone users, telling them that their bank account expired and directing them to a fake website with a URL containing the bank’s name. There the website captured the login and password of anyone who logged in. Phishers will use any medium they can. If you receive a message purporting to be from your bank and you’re not sure if it’s legit, call your bank directly to verify its authenticity
Phishing Scams Hurt The Brands They Target
By 11.27.07
Ars Technica reports that “42 percent of adults in the UK feel that their trust in a brand would be greatly reduced by receiving a phishing e-mail claiming to be from that brand, according to an online survey conducted by research firm YouGov.”
IRS Warns Consumers Of "California Wildfire" Phishing Scam
By 11.2.07
The IRS is warning consumers of a new email scam going around posing as the IRS and soliciting donations for the California wildfire victims.
Security Firm Says Hackers Can Access Vonage Calls
By 10.26.07
It’s not a good week for Vonage. VoIP Security firm Sipera has announced that they’ve discovered a vulnerability in Vonage’s equipment that can allow hackers to take control of user accounts to intercept calls, make calls via the accounts, eavesdrop, or launch DoS attacks. Although most VoIP systems are about as secure as sending IM messages over a public wifi network (that is, not secure at all), Vonage has a couple of special problems with its Motorola adapters not authorizing requests, which leaves a special door open for bad people doing bad things. The problem also affects adapters from Grandstream and Globe7.
Add Super-Protection To Your Logins With $5 Security Key
By 10.17.07
If you have a PayPal or eBay account, or use OpenID to login to participating sites, then for $5 you can add a second layer of security that is virtually impossible to break unless the thief physically locates you and steals a little plastic device. The PayPal Security Key is a small, keychain-ready fob with a unique ID that’s tied to your account. It generates a new six-digit code very 30 seconds, which you have to enter whenever you log in. The down side is you have to have your security key with you in order to read the code. But the benefits are huge: you basically have a 2nd password that changes 2,880 times every day—and that isn’t available anywhere online.
6 Online Shopping Scams To Watch Out For
By 10.11.07
1. Missing Auction Goods – Auction fraud represents over a third of Internet scam complaints every year. Your safest bet is to pay with plastic so you gain the protections of the Fair Credit Billing Act. When plastic’s not an option, setting up an account through PayPal or BillPay that connects to your credit card is the next best bet.
eBay Hacked, User Accounts Disabled, No Personal Information Compromised
By 10.10.07
eBay has been hacked, says Ars Technica, and several members have had their accounts disabled. eBay’s Trust and Safety team issued a statement in which they said (adorably) that the hacker was “a known fraudster to us.”
Protect Yourself From Badware
By 10.8.07
Stopbadware.org has just released its “Trends in Badware 2007” report, a free overview of all the ways you and your computer can be slipped digital roofies while you’re online looking at LOLpornography and doing your banking through Twitter. It’s written in a deliberately non-technical style, so if you’re put-off or intimidated by the Slashdot crowd, this is a great way to educate yourself or a naive loved one about the dangers of drive-by downloads, website hacking, and so on.
Is Bank of America Lying About Website Security?
By 9.24.07
According to a demonstration by Chris Soghoian over at CNet, Bank of America’s “SiteKey” picture authentication feature can be spoofed by phishers and is, basically, worthless.
By 9.13.07
../../../..//2007/09/13/after-an-18-month-long-investigation/
After an 18-month-long investigation, German police have arrested 10 Russians, Ukrainians, and Germans who they think were involved in phishing scams that bilked users out of “hundreds of thousands of euros.” The suspects targeted customers of eBay and Deutsche Telekom, among other companies, and lived “luxurious lifestyles involving expensive jewelry, cars and travel.” [Reuters]
5 Ways To Make Sure You're Actually Talking To Your Credit Card Company
By 9.12.07
When you consider the risk and high cost of identity theft, it pays to be skeptical whenever someone calls you and claims to be from your credit card company. How can you verify that they’re legit? Reader Cathy points us to bloggingawaydebt.com, which offers five simple things to do if you want to make sure you’re not being scammed.
