Phishing

I have been wanting to do a post on phishing, but Chris beat me to it. He tells it like it is.
Lockergnome puts out a great newsletter, you can find it here.
http://channels.lockergnome.com/windows/


From:
Lockergnome's Windows Fanatics ~ August 3, 2006
Chris Pirillo


Over the past few weeks, a Lockergnomie named Wayne has submitted two separate pieces of feedback responding to Matt Hartley's posts on phishing: Phishing Season and Nigerian 419 Scams (though Wayne may not have seen the report on Vishing). No matter, he has a relatively dramatic proposal - though I'd hate to see us have to do such a thing:

Since the start of the year, I have painstakingly recorded and reported about 200+ phishing scams for PayPal, eBay, lotteries, every known bank, mortgage companies, etc. I've sent reports to PayPal, eBay, the Anti-Phishing Working Group, CastleCops, etc. Often, I get back some generated email with some pap about how to identify a phishing scam (like I didn't know already). All these institutions claim to follow up with law enforcement, but of course they must keep their legal actions "confidential" (if they were really doing something, they should advertise it to scare off new crooks)! The net is that I heartily endorse a block on the Ukraine and anyone else who is not working to stop this tsunami of phishing attempts. It's amazing how many I track back to China. Why are American companies bending over backwards to accomodate them, while Chinese spammers and phishing crooks blithely ignore any law? Maybe we should form our own posse and go after these crooks? Or how about routing all phishing scams and spammers back to their own governement websites - with an honest request for enforcement?

I see more phishing scams coming into my corporate LAN than legitimate email. I have dutifully reported these scams (hundreds) and yet nothing is done to apprehend these baddies - and that only seems to encourage them. We need enforcement, and if it means shutting off entire countries - so be it, because it's a total cop-out to say "they're foreign countries and nothing can be done!" It seems strange that local companies like Yahoo!, Microsoft, and PayPal bend over backwards to placate China on the Internet, while China blatantly ignores our laws regarding the Internet? Only aggressive actions will put an end to this escalating problem. Here's the irony: why does law enforcement go overboard to protect the music companies from illegal downloads, while ignoring this wave of phishing scams that hit the little guys hard?

I believe that with new versions of Firefox and Internet Explorer (7.0), in combination with services like OpenDNS, we'll soon see the bad guys cut off at their knees. Have you ever been phished?

Chris Pirillo