Friday, December 03, 2004

One phish, two phish

As many of you know, I write about technology by day. Until the world recognizes the quirky brilliance of my prose and is willing to pay me huge amounts of money so that I can stay home all day and punch out words from my kitchen table while sipping hot chocolate and shooing the cat off of my lap, I'll continue to write endless variations of the "this technology is good for your business" theme.

One of the topics that comes up often in my tech-writer's world is security. As our technologies continue to evolve, the opportunities for bad people to do bad things continue to proliferate. Hardly a week goes by that a new word doesn't enter our vernacular.

Phishing (no, that's not a typo) is one such term that's grown to prominence in 2004. It represents a particularly dastardly form of attack whereby the supposed victim receives an e-mail from a financial services institution asking to verify some personal information - name, account info, PIN number, etc. The recipient is often redirected to a web site that looks amazingly like the real thing - but us cynical types know that's not the case.

Once the bad people have your personal information, they quickly schedule junkets to Vegas, all on your dime.

The trend seems to have spread to incredibly real-looking Web sites that to the uninitiated look like legitimate news outlets. But they're not. Here's one particularly well-built example. From the perspective of watering down the public's already-diluted trust in media (thanks, Dan Rather), it's a scary thing to see.

I don't understand the profit motive behind the creation of this kind of bogus resource, but I'm thinking someone clearly has a lot of free time. We live in interesting and dangerous times.


Photominer said...

wow, that is a very realistic looking site. Thanks Carmi!

John D Schultz said...

That's down right scary! It's amazing how far people will go to create "confusion" and "make a buck" in the world -- shameless!

Dean said...

They've lifted CNN's source and changed a bit of content. All the other links continue to point back to CNN's original content.

It might be defensible as parody, but I believe that you have to clearly identify that something is parody.

I don't think the world-cnn guys are trying to make money. I think they're just trying to make a point. Badly, as it turns out, because the false news story is just stupid.

Pretty much every phishing attack I've seen has suffered from poor English. How they convince anybody, I don't know, but they do.