Gone Phishing?

Zastrossi writes "According to the Anti-Phishing Working Group, phishing sites--the practice of making sites that look and act like popular sites such as banks in order to steal personal information from customers--rose from 543 sites in September to 1,142 sites in October. Gartner reports that phishing scams cost banks and credit-card companies $10.2 billion."

Here's how I got my mom to verify

[russler]

1. Make certain the site name is not all numeric.

2. Make certain it is spelled correctly.

3. If they write to you unsolicited, just type the website in directly that you normally use for the service and you can be certain where you are going.

I can think of more things to tell her, but the more I say the less I fear she will remember. So I boiled it down to the above list.

So far so good....

She is as clueless as anyone on the net, so I figure if it works for her that's a good litmus test....

one problem...

[tsu+doh+nimh]

is that banks themselves are guilty of perpetuating this stuff.

got an email from Network Solutions the other day, complete with HTML graphics, etc. It said, Dear Customer, we periodically ask our customers to update their whois information....click here to access your account information....

then it said failure to keep your account info up to date could result in the suspension of your domain. turned out this was a legitimate email from NetSol, but it had all the signs of a phish - addressing me with no indication they knew who I was, a la "dear [fill in bank or company here] valued customer"; it urged me to click on a link - which by the way was a dotted IP address; and it threatened negative consequences unless I acted quickly.

Same thing happened to me with Citibank. I am a citibank customer, and the other day I received an email urging me to transfer my balances from other cards, blah, blah. Anyhow, it had all the right logos, and urged me to click on a link. When I did (with some trepidation), I was brought to a site called "accountonline.com", which as it happens, is in fact owned by Citibank.com. Again, turns out this was a legit email from Citibank (or its marketing dept.)

Yes, it is sad that we have gotten to the point where companies cannot use email as a legitimate means of marketing and communications with thier customers (and prospective customers), but banks and other major companies need to heed their own advice, and as far as I'm concerned, as long as these companies keep doing that sort of thing, they have only themselves to blame when their customers expect this sort of communication.