R. Fink | Personal info is phish in a barrel

The Packet Rat'commentary

The Rat has his spam filters set to 'kill' these days, and with good reason. During the past month or so, the number of e-mail based phishing attempts directed against his agency's public e-mail addresses has risen from an annoying flood to a cataclysmic deluge.

According to a report from Google's recently acquired Postini unit, the wirebiter's net is not alone. Postini reported having blocked 57 percent more spam, virus and phishing attacks in 2007 than in 2006.

'And by phishing, I don't mean offering to trade tapes of a defunct Vermont-based jam band,' the whiskered one explained to his boss, who was still unclear about the phenomenon. 'It's more like when you get an e-mail from someone claiming to be PayPal, telling you to verify your account and password, for example.'

'That wasn't PayPal?' his boss said, horrified.

The Rat facepalmed. 'No.'

As anyone could tell from the spelling in most phishing attacks, they aren't being made by rocket scientists. At the recent Black Hat conference in Washington, security researcher Nitesh Dhanjan told attendees that phishing scammers were using Web tools to create spoofs that were, in turn, vulnerable to having the data they scammed pick-pocketed by others.

Most phishers, Dhanjan said, are using turnkey phishing kits that let them easily set up scam sites. And like most software consumers, they pretty much use the default settings. Without having to do any real hacking ' just by doing a little external probing ' Dhanjan was able to get to information the sites had collected from unsuspecting victims.

With phishing made simple by 'Pocket Phisherman' kits, and with personal data easily within reach of others, it's just a matter of time before people foolish enough to be caught by less sophisticated phishers have every aspect of their personal data available via Google search.

'So, you see,' the cyberrodent smirked, following the trail in his boss's browser history back to the fake PayPal page, 'not only did you give your PayPal information to these losers, you gave it to every 13-year-old with access to a Web browser.' Within a moment, he was paging through captured responses, until his boss made a gasp of recognition.

'Oh,' the Rat sighed, 'please tell me 'password' wasn't your PayPal password.'


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected