Microsoft vs. the Phishers
Posted by Harry McCracken | Thursday, March 31, 2005 9:41 PM PT
If I had to name the Net nuisance that's irritating me the most right now, it would be phishing attacks--mainly because Postini, the spam filter that PC World uses, does a pretty good job with garden-variety spam and viruses, but lets plenty of phishing messages through.
There are days when it seems like most of the messages I get are "eBay" requests to update my info...even though I don't have an eBay account associated with my PCW address. I also hear from Washington Mutual all the time, even though I don't have a WaMu account. I'm pretty confident that I'm not going to fall for a phisher, but they're still wasting my time. And I worry that I'll ignore real missives from companies I deal with because I
think they're phishing attacks.
If I ran a company whose name was being used in vain by phishers, I'd be more and more worried. For instance, an acquaintance recently told me that he'd canceled his eBay account rather than stress out about eBay-related phishing messages. That's an extreme response, but an effective one--if you don't do business with eBay, you don't need to pay attention to messages that seem to be from it.
Anyhow, I'm heartened, at least a little, by the news that Microsoft has
filed 117 civil suits against alleged phishers. Here's hoping that these scammers get the book thrown at them--and that other would-be phishers hear about this and think twice.
117 lawsuits isn't even a "drop in the ocean" of what's needed to stop this practice. I've also been "phished" with the eBay scam and after following the "link", any idiot could tell by the amount of information requested that it is a setup. But what about the idiots? There are enough of them out there to keep these "phishers" in business for decades. What really worries me is when they (the phishers) become more proficient at what kinds of information they request... when they begin to fool even the "less-than-idiots" out there.
They don't need to put lawsuits on them. they need to fix their darn software that has been around for a long long time! good grief how long does it take to make windows so its safe and easier to use.
Sorry, I don't get the point of the last post. Phishing doesn't really have anything to do with flaws in the software of Microsoft or anyone else. At times, phishing messages can be very carefully crafted and very authentic-looking. I've even seen some that APPEAR to send the user to eBay, but wind up on the "phisher's" domain.
What needs to be done HERE is for security on the internet in general to be given a thorough overhaul. As it stands now, basically anyone can set up a web server at a vacant (or hijacked) IP, and pull it down again in a matter of minutes. Perhaps it's time for us to consider some kind of permitting?
Come to think of it, such permitting could be used to control spam, too...
You probably have ebay.com whitelisted, I'm a postini
customer and they rarely miss these.