Phishers Take to the Pharm

by on May 19, 2005 | 0 comments

Twenty-one spams. That’s how many I just deleted from my Junk Mail folder. That many spams doesn’t bother me so much because it used to be ten times that, and they all came to my In Box. Now, thanks to new and improved security in my e-mail client, almost all of the spam that is intended for my In Box gets deleted before I ever see it. The remainder gets pre-routed into a Junk Mail folder, which I typically empty at the end of the day.

I always manually scan my Junk Mail just to make sure there’s nothing that I want to keep. Once in awhile, there’s an e-mail from an old friend that somehow gets tossed in with the junk. Recently, among the promises of cheap mortgage loans and body part enhancements, I’ve been finding phishing e-mails from wealthy Middle Eastern refugees who want to make me a rich man simply for helping them transfer large amounts of money out of Iraq, Nigeria, Afghanistan, or [enter your favorite Third World country here]. Of course, by the time the FBI catches up with them, the refugees look suspiciously like New Jersey con artists, running a couple dozen database servers out of low-rent apartments. Surprise, surprise.

I’ve written about phishers before, but apparently some people aren’t getting the message because they’re still losing money. Phishers aren’t like typical spam pranksters: they’re out to steal your identity. They set up look-alike websites of legitimate businesses, such as banks and other credit card issuers, and then they send you a bogus e-mail in hopes that you’ll click through and give them your account number, PIN, and mother’s maiden name. Unlike most spammers, phishers are after real money, and they’re counting on good ol’ God-fearin’ folk like us to hand them the keys to our bank accounts.

We’re too savvy for them, you and me. But according to the Federal Trade Commission, more than $1 billion dollars is lost to such scams every year. A billion! In fact, according to a media report, one Silicon Valley couple lost more than $700,000 on a single scam last year. You’d think people with that kind of dough would be bright enough to see through these shysters, but numbers don’t lie. (In fact, if that couple happens to be reading this, you know the routine…next time, instead of sending $700,000 to your e-mail pal, just write me a check for half that amount, I’ll slam your heads together, and we’ll call it even.)

Phishers have been flying under the radar for a few years now, but that’s all changing. Just this year, identity theft has risen to the top of the FTC’s list of customer complaints, affecting 1 in 50 people. That’s raised the eyebrows of not only FTC and the FBI, but now the Secret Service has joined the fray. Hear that, phishers? You’ve been peddling your snake oil for too long and you’ve finally hacked off the wrong guys.

To me, trying to steal someone’s money is appalling enough. But using a genuine tragedy to con them out of it takes the whole operation to a new low. After the tsunami hit Indonesia last December, some bottom-feeding phisher profited from it by pretending to be an orphan whose parents were killed in the disaster. “I am seeking help getting in excess of $3 American dollars of my father’s money out of a bank in the Netherlands,” read the e-mail. This would be comical if it wasn’t so sick. Anyone who gets caught using a real tragedy to rip people off should serve a long prison sentence where they’re forced to watch nothing but Ron Popeil infomercials.

Fortunately, more and more people are becoming wise to such scams, and are practicing safe computing by verifying the authenticity of such e-mails before responding. Most banks never send e-mails like that anyway, so if something turns up in your In Box, just assume it’s bogus, because it probably is.

As I said, I don’t see most of these e-mails anymore because my e-mail program automatically routes them to my Junk Mail folder. That one feature has quietly made my life less stressful and has saved me all the time that I used to spend manually sorting e-mail and deleting the spam.

What’s in our future? Well, as we all suspected, the criminals are getting more sophisticated. One new method of attack is called “pharming,” in which you get an e-mail with a link to a legitimate website, but are unknowingly redirected to a fake website because the pharmer “poisoned” your DNS server. The fake website is, of course, where you’re bamboozled out of your money. Unlike phishing, you no longer even have to click an email to hand the thieves your identity. And the pharmer can set it up so that the fake website displays the exact URL as the legitimate website. No discrepancy. No suspicion.

The fun just never stops, does it?

Free eBook!

Like what you read?

If so, please join over 28,000 people who receive our exclusive weekly newsletter and computer tips, and get FREE COPIES of 5 eBooks we created, as our gift to you for subscribing. Just enter your name and email below:

Post A Comment Using Facebook

Discuss This Article (Without Facebook)

Leave a Reply

PCMech Insider Cover Images - Subscribe To Get Your Copies!
Learn More
Every week, hundreds of tech enthusiasts, computer owners
and geeks read The Insider, the digital magazine of PCMech.

What’s Your Preference?

Daily Alerts

Each day we send out a quick email to thousands of PCMECH readers to notify them of new posts. This email is just a short, plain email with titles and links to our latest posts. You can unsubscribe from this service at any time.

You can subscribe to it by leaving your email address in the following field and confirming your subscription when you get an email asking you to do so.

Enter your email address for
Daily Updates:

Weekly Newsletter

Running for over 6 years, the PCMECH weekly newsletter helps you keep tabs on the world of tech. Each issue includes news bits, an article, an exclusive rant as well as a download of the week. This newsletter is subscribed to by over 28,000 readers (many who also subscribe to the other option) - come join the community!

To subscribe to this weekly newsletter simply add your email address to the following field and then follow the confirmation prompts. You will be able to unsubscribe at any time.

Enter your email address for
Free Weekly Newsletter: