R. Fink | Personal info is phish in a barrel

The Packet Rat: commentary

The Rat has his spam filters set to 'kill' these days, and with good reason. During the past month or so, the number of e-mail-based phishing attempts directed against his agency's public e-mail addresses has risen from an annoying flood to a cataclysmic deluge.

According to a report from Google's recently acquired Postini unit, the wirebiter's net is not alone. Postini reported having blocked 57 percent more spam, virus and phishing attacks in 2007 than in 2006.

'And by phishing, I don't mean offering to trade tapes of a defunct Vermont-based jam band,' the whiskered one explained to his boss, who was still unclear about the phenomenon. 'It's more like when you get an e-mail from someone claiming to be PayPal, telling you to verify your account and password, for example.'

'That wasn't PayPal?' his boss said, horrified.

The Rat facepalmed. 'No.'

As anyone could tell from the spelling in most phishing attacks, they aren't being made by rocket scientists. At the recent Black Hat conference in Washington, security researcher Nitesh Dhanjani told attendees that phishing scammers were using Web tools to create spoofs that were, in turn, vulnerable to having the data they scammed pick-pocketed by others.

Most phishers, Dhanjani said, are using turnkey phishing kits that let them easily set up scam sites. And like most software consumers, they pretty much use the default settings. Without having to do any real hacking, just by doing a little external probing, Dhanjani was able to get to information the sites had collected from unsuspecting victims.

With phishing made simple by 'Pocket Phisherman' kits, and with personal data easily within reach of others, it's just a matter of time before people foolish enough to be caught by less sophisticated phishers have every aspect of their personal data available via Google search.

'So, you see,' the cyberrodent smirked, following the trail in his boss's browser history back to the fake PayPal page, 'not only did you give your PayPal information to these losers, you gave it to every 13-year-old with access to a Web browser.' Within a moment, he was paging through captured responses, until his boss made a gasp of recognition.

'Oh,' the Rat sighed, 'please tell me "password" wasn't your PayPal password.'
