2004-06-30

Phishing and Spam

citiI got this message, and although I was already aware that this kind of e-mails are flying around I was alarmed at how real this message looked.


Citibank website says about this kind of e-mails:

Recently our customers have reported receiving fraudulent e-mails that appear to be from Citibank but which are, in fact, sent by imposters. How can you tell the difference? Fraudulent e-mails typically include attachments, request personal information, or both.
When such e-mails are sent in our name, Citibank works aggressively with law enforcement agencies to investigate them. Below is a list of several e-mails currently under investigation. If you've received any of them, please notify us by selecting the link of the e-mail you received. If you suspect you've gotten a fraudulent e-mail that's not on this list, please report it now.

The e-mail message itself is not a text message that you can select, is an image that automatically sent you to the official Citibank website along with the fake website that ask you info whenever you try to select the text or any part of the message. The interesting thing is that first you are sent to the real Citibank website, and then a pop up window appears asking you for your personal info. If you try to close that window is almost impossible to close it because it keeps opening, the pop up turns out to be a fraudulent webpage. If you receive any of this give it a try at your own risk if you want but don’t fill out any data, and you will see how difficult is to close the windows, I almost had to turn off the computer.

I guess that sooner or later spammers will try to do the same with other banks, e-mail accounts or so. As a policy I advise people not to sent passwords, and personal info on e-mail messages to anybody even to people you know, call them instead and identify yourself. So be careful don’t trust places where sensitive personal info (name, birth, social security, passwords) is asked.

This whole e-mail problems has a lot of people crying for more regulation. The truth be said is that I don't believe regulation will solve the problem. The problem is going to be solved once the software and standard makers make the systems more secure. Using the internet is becoming like driving a car, you need to be aware of the risks and know what to do. Accidents are going to happen but only education and knowledge will prevent them. Only you are responsible for taking the necessary precautions. I wonder how this is going to lead to the development of more secure standards to send e-mail or to keep security in new technologies. What about an insurance market for accidents on the internet. I am not aware if something like this exists yet, but it makes perfect sense for companies that want to protect themselves of stolen information, virus outbreaks, etc. E-week magazine has 2 articles on this week's issue that deal with the problem. The first one is about how lawmakers are trying to protect users. First I think that approach is wrong because what is currently happening is going to outdated when it's approved given the level of tech development. Second I believe more in market based solutions to this problems as I was mentioning the idea of having insurance companies getting into the business. That will surely force the users who want to insure his computer against this problems to be risk assesed by the insurance company first before signing any policy and for instance correct and stop any behavior deemed risky. The second article on that same eweek magazine is about how given the huge avalanche of e-mail spam, some larger companies are resorting back to old tecnologies like faxes and old fashioned mail. Althought that can be a temporary solution or a quick solution for companies not willing to invest in technology I think that mostly the best approach that I found on this issue is an article that I read on Freeman Magazine about the issue.

New technologies are appearing and I believe at some point having spam in your inbox will be be reduced to having a few outbreaks as it has happened with viruses once the blocking tecnologies evolve into more sophistication. At least here in the US nobody responsible enough will dare to run their computers unprotected without anti-virus. Those people receiving and spreading viruses for a long time without knowing it are those who are either lousy to take some time to fix their computers or technologically illeterate that don't know what they are doing when using the internet. Sorry for being harsh but as a coworker was making fun of it, I told her not to laugh at my use of words because not knowing at this point how to basically use a computer, what is a virus, how to protect yourself and your info is like not knowing how to read and aspiring for a job as a writer on a newspaper. You can tell good stories but in order to work there you have to know how to read and use at least a typewriter (if they are still around). The same can be said about computers, you might know about the wonders of the internet and how it helps our personal lives and how you trade things on e-bay and buy stuff in Amazon, but you have to know certain basics of internet security before attempting to use one.

No comments:

Post a Comment