Weekly News via Email
   Set as homepage | Add to favorites | Customer Service | Subscribe Now | Place an Ad | Contact Us | Sitemap Tuesday, 01.23.2018
News Archive
Su Mo Tu We Th Fr Sa
 1  2
 3  4  5  6  7  8  9
 10  11  12  13  14  15  16
 17  18  19  20  21  22  23
 24  25  26  27  28  29  30
Online Extras
Site Services
Around Bend
Outdoor Fun
Travel Info
Shop Local

Members Of

Poll: Today's Live Poll
Email to a friend | Print this | PDF version | Comments (0 posted) 
  Blogger |   del.icio.us |   digg |   newsvine

Dec 08,2006
Research on Phishing Uses Tricky Technique
by Jonathan Sidener

It looks like you won the auction for the DVD player on eBay but haven't paid the seller yet. It says so right there on the e-mail with the official eBay logo. Of course, you didn't bid on a DVD player, so it must be some kind of misunderstanding. All you have to do is click on the link, sign in with your account name and password.

The vast majority of Internet users will recognize this and similar messages that purport to be from eBay, CitiBank or the Internal Revenue Service as phishing scams, attempts to trick you into revealing passwords and other personal information such as Social Security and credit card numbers.

Most people simply delete them. A few gullible souls respond and become victims of identity theft. And the parasitic phishers will repeat the cycle.

Phishing -- it gets its name and oh-so-clever spelling from the hacker culture -- has been around for years. But here's a new twist. A couple of guys sending out fake eBay e-mail have gone public. And it turns out that they're university researchers.

Two scholars from the Indiana University School of Informatics wanted to measure how many people respond to these scams, so they sent out about 1,000 phishing e-mails.

I'm sure these guys meant well, but my initial reaction was, "What a couple of jerks." Studying phishing by phishing seems to me to be a lot like studying fire suppression by pouring gasoline on a blaze.

Researchers Markus Jakobsson and Jacob Ratkiewicz went to great lengths to measure responses without giving themselves access to respondents' personal information. People who clicked on the fake phishing e-mail were actually sent to eBay, where they could answer a question posed in the e-mail. The researchers had their experiment approved by the school's Human Subjects Committee, which is supposed to ensure that no one is harmed by an experiment.

But imagine someone's grandmother receiving the researchers' fake e-mail. She clicks on a link that she shouldn't but ends up at eBay. Gullible Granny gets the message that it's OK to click on a link in an e-mail from a financial site. Isn't she more likely to click on the next phishing attempt that lands in her inbox?

Obviously they lack a cynical journalist on their Human Subjects Committee.

Despite these objections, you have to love the idea of fake phishing. If done right, it might jolt some sense into the small number of people who respond to these things.

It would be like an inoculation.

Here's my suggestion: In every family, every circle of friends, there's one or more person who's still forwarding the "good times" e-mail hoax or the "Bill Gates will pay you to forward this to everyone you know" e-mail or the latest chain letter.

It won't be hard to identify the gullible among us who need inoculation.

I think eBay and other frequently targeted Web sites should set up fake phishing services. Anyone could go to the site and type in the e-mail address of a suspected naive person.

The service would then send a fake phish to the target. If they click on the link, they could be directed to an educational site, where they could find a heartfelt message.

"Dear Granny, I love you very much and I was worried because the Internet can be a very dangerous place. Never, never, never click on this type of message."

More loutish offenders might require more direct language: "You dolt. Why did you click on that link? You just got phished, suckah."

Then, they could find tips on avoiding phishing scams, such as, "Never click on a link in an e-mail from a financial institution."

Another good tip is, "Never click on a link in an e-mail from a financial institution."

Then there's my favorite, "Never click on a link in an e-mail from a financial institution."

No doubt eBay will see the wisdom in my suggestion and launch such a service any day now. Until they do, it's up to everyone to identify the weak links among friends and family, and administer some tough love.

"Dear Granny: Remember the time you whacked me on the knuckles with a spatula when I tried to snatch a chocolate chip cookie? Don't ever click on the link in the e-mail from a financial institution. I know where you keep your spatulas. Get the picture?"

Copley News Service

1360 times read

Related news
FBI warns of e-mail scams by UPI posted on Jul 18,2007

Fishing vs. phishing by Onell R. Soto posted on Jan 26,2007

Honorary consul to Japan gets hard lesson on phishing by Peter Rowe posted on Nov 09,2007

Justice Department alerts public about fraudulent spam email by Bend_Weekly_News_Sources posted on Jun 29,2007

Did you enjoy this article? Rating: 5.00Rating: 5.00Rating: 5.00Rating: 5.00Rating: 5.00 (total 14 votes)

Market Information
Breaking News
Most Popular
Most Commented
Featured Columnist
Horoscope Guide
Aquarius Aquarius Libra Libra
Aries Aries Pisces Pisces
Cancer Cancer Sagittarius Sagittarius
Capricorn Capricorn Scorpio Scorpio
Gemini Gemini Taurus Taurus
Leo Leo Virgo Virgo
Local Attractions
Bend Visitors & Convention Bureau
Bend Visitors & Convention Bureau

Mt. Bachelor Resort
Mt. Bachelor Resort

Les Schwab Ampitheater
Les Schwab Ampitheater

Deschutes County Fairgrounds
Deschutes County

Tower Theatre
Tower Theatre

The High Desert Museum


Deschutes County

  Web    BendWeekly.com
© 2006 Bend Weekly News
A .Com Endeavors, Inc. Company.
All Rights Reserved. Terms under
which this service is provided to you.
Please read our Privacy Policy. Contact us.
Bend Weekly News & Event Guide Online
   Save the Net
External sites open in new window,
not endorsed by BendWeekly.com
Subscribe in NewsGator Online
Add to Google Add to MSN Add to My AOL
What are RSS headlines?