Sunday, June 20, 2004

Gone Phishing

I suppose it sounds slightly smug, but why do people keep falling for this?

Growing e-mail scam aims to dupe Internet users

By Kathy Bushouse and Ian Katz

Business Writers

Posted June 20 2004

It looked like e-mail any Citibank customer would be eager to open.

The subject line: “Protect yourself from Internet fraud.” Open up the e-mail, and the Citibank logo is prominently displayed.

The first lines read: “Financial institutions around the world have always been subject to attempts by criminals to try and defraud money from them and their customers. … As part of our ongoing commitment to provide the ‘Best Possible’ service to all our Members, we are now requiring each Member to validate their accounts once a month.”

But the e-mail that circulated last week is a “phishing” fraud, designed to coax out people’s debit card and personal identification numbers. Such scams, which started last year, are alarming security experts as they grow in sophistication and frequency.

On its Web site, Citibank lists 15 phishing solicitations it has intercepted in just the first two weeks of June.

“If they’ve got your PIN number and the number on your card, they can drain your account,” said Dan Maier, a spokesman for the Anti-Phishing Working Group, an industry association of more than 100 Internet service providers, banks and other companies fighting to stop the spread of this new, more dangerous form of spam e-mails. [South Florida Sun-Sentinel]

I’ve gotten a few of those e-mails myself. After previewing them, I sent the link on to the Fraud Division at Citibank. I guard my credit rating like a cobra. I check it every six months and whenever there’s any kind of question about it, I contact the lender and the credit bureau immediately to clear it up. Sticks and stones may break my bones, but mess with my credit and I’ll come after you like a badger.

I’ve also installed a spam-guard program called Qurb. My brother (who knows something about software) recommended it. It checks your e-mail address book and makes a list of all the addresses you’ve saved or have sent mail to. Based on the assumption that they are of interest to you, it lets you get mail from those senders. Anything else it quarantines and lets you safely accept or block those addresses. I’ve had it for about a week now and it works fine – although I do miss those pseudo-James Joyce stream-of-conscious messages. The software runs about $30, but you can get a free trial version. It’s worth the try; you can’t be too careful.