I got a call from Chris Thompson from the Faribault Daily News on Wednesday, and he wanted to talk with me a little about Internet “phishing”. I guess this is the new “public” term for those companies that E-Mail you, posing as your bank, EBay, or Paypal. I’m sure everyone has received at least some of this type of E-Mail lately.
After the talk, the next day, the paper contained a nice article in it, with a good amount of quotes, straight from my verbal style.
Most people I talk to about computer-related stuff in my work and personal life have only a modest skill level on this stuff. It is scary to most people after I explain to them that who an E-Mail is “from” is completely determined by what they happen to type in their E-Mail program as their name. Slightly more knowledgeable “phishers” can have an E-Mail appear like it came from any certain E-Mail Address (your E-Mail address even, or the President of the United States). Without the knowledge of “E-Mail Headers”, and some knowledge on TCP/IP, the recipient thinks these E-Mails actually come from the person that sent them. 
Like the article states, when in doubt, phone the company that sent you the message (to a Phone Number you are certain about) to be sure the message is legit. Most companies offer some sort of Abuse E-Mail address to forward these types of messages to for investigation and reporting purposes.
If you still have Thursday’s Daily News, check it out!
Thursday, December 23, 2004
Beware of ‘phishers’
By Chris Thompson
Daily News Staff Writer
FARIBAULT — Internet hackers are spending more and more time “phishing” for your personal information.
Phishing is the term coined by hackers who imitate legitimate companies — often financial groups — through unsolicited e-mails and bogus Web sites in an attempt to extract personal information. Responses to the e-mail or information submitted on the Web site often forward the user to another site made to look identical to that of a legitimate financial organization.
Information like bank account numbers, passwords or Social Security numbers are often asked for by requesting the user “update” or “validate” their account information.
According to the Federal Trade Commission (FTC), if personal information is divulged on the bogus Web site, operators can steal your identity and run up bills or commit crimes in your name.
A report by the Anti-Phishing Working Group — an industry association with members including banks, e-commerce providers and online retailers — states instances of bogus phishing Web sites have increased almost 30 percent since July.
“It’s a really hard deal because some of the e-mails that come out to people are quite realistic,” said Brian Klier, network/data services technician for the Faribault School District. “I guess the best piece of advice I can give is if in doubt, call the company and ask.”
Klier said it is not only home computer users that receive the solicitations for personal information.
“I see a lot of it coming through the (school) district so it’s as big a problem in the district as it is for me at home.”
Phishing e-mails and Web sites often use the exact logos and information found on a legitimate financial Web site, and a computer user can be easily misled by the copied site.
Klier — who monitors unsolicited e-mail for the district and works with the district’s e-mail system — said important information should never be sent through e-mail.
“The thing about e-mails … is there’s no way to tell just by looking at who it’s from, if the message really came from them or not,” Klier said.
If you think you have received a phishing request, it can be forwarded to the FTC for investigation at spam@uce.gov.
— Chris Thompson can be reached at 333-3132 or cthompson@faribault.com.