R. Fink | Personal info is phish in a barrel

The Packet Rat: commentary

The Rat has his spam filters set to 'kill' these days, and with good reason. During the past month or so, the number of e-mail-based phishing attempts directed against his agency's public e-mail addresses has risen from an annoying flood to a cataclysmic deluge.

According to a report from Google's recently acquired Postini unit, the wirebiter's net is not alone. Postini reported having blocked 57 percent more spam, virus and phishing attacks in 2007 than in 2006.

'And by phishing, I don't mean offering to trade tapes of a defunct Vermont-based jam band,' the whiskered one explained to his boss, who was still unclear about the phenomenon. 'It's more like when you get an e-mail from someone claiming to be PayPal, telling you to verify your account and password, for example.'

'That wasn't PayPal?' his boss said, horrified.

The Rat facepalmed. 'No.'

As anyone could tell from the spelling in most phishing attacks, they aren't being made by rocket scientists. At the recent Black Hat conference in Washington, security researcher Nitesh Dhanjan told attendees that phishing scammers were using Web tools to create spoofs that were, in turn, vulnerable to having the data they scammed pick-pocketed by others.

Most phishers, Dhanjan said, are using turnkey phishing kits that let them easily set up scam sites. And like most software consumers, they pretty much use the default settings. Without having to do any real hacking, just by doing a little external probing, Dhanjan was able to get to information the sites had collected from unsuspecting victims.

With phishing made simple by 'Pocket Phisherman' kits, and with personal data easily within reach of others, it's just a matter of time before people foolish enough to be caught by less sophisticated phishers have every aspect of their personal data available via Google search.

'So, you see,' the cyberrodent smirked, following the trail in his boss's browser history back to the fake PayPal page, 'not only did you give your PayPal information to these losers, you gave it to every 13-year-old with access to a Web browser.' Within a moment, he was paging through captured responses, until his boss made a gasp of recognition.

'Oh,' the Rat sighed, 'please tell me 'password' wasn't your PayPal password.'

