Computerworld
Home News Blogs In Depth ReviewsWhite Papers Newsletters IT Careers

resource center


Ads by TechWords

See your link here

Newsletter Sign-Up

Receive the latest technology news and information.
IT Management
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Phishy e-mails and Web sites: What's your responsibility?

By Larry Ponemon
August 24, 2004 12:00 PM ET
Recommended
(6)
Digg
Share/Email

Computerworld - Welcome to Computerworld.com's new monthly column on IT ethics by Larry Ponemon.
The Ponemon Institute in Tucson, Ariz., conducts independent research and education designed to advance ethical information and privacy management practices in government and business. To learn more about your interests and perceptions about these issues, we plan to ask a few questions at the end of each monthly column. We hope you will take a few minutes to respond (editor's note: The survey is now closed). If you have any questions, please e-mail us at research@ponemon.org.

-----

Tom was an avid collector of antique train sets. One morning while scanning his e-mail, he noticed one from an online auction site from which he purchased a good part of his collection.
The e-mail had the familiar logos and graphics Tom was accustomed to seeing with a tempting message that he could purchase a 1938 Lionel caboose for less than $50. The message was irresistible. Tom provided his credit card number and shipping address. The site also asked for his Social Security number. Not thinking twice, Tom entered the nine digits. The next day, on his way to the grocery store, Tom stopped at his bank's ATM. To his horror, his balance was zero. He also found that his savings account was wiped out. A "phisherman" had hooked another victim.
The typical phishing experience starts with the receipt of a fake e-mail. The e-mail sender and subject line claims to be from a legitimate, trusted source such as an online auctioneer, bank, mortgage broker, credit card company or Web retailer.
A common message is a "customer service request" asking subjects to click onto a Web site, supposedly to resolve a glitch or problem within their account, perhaps to reset a password or personal identification number. As in the case above, it can also be an offer to purchase a product or service.
Because the fake e-mail often starts with a blast to millions of randomly selected e-mail addresses, most people don't respond because they don't have an existing business relationship. The goal for the criminal is to cast the net as wide as possible, luring in a few susceptible people who believe this is a legitimate request for information.
While the mere act of reading the e-mail advertisement or Web site can unleash a persistent cookie or Web beacon onto the user's computer system, the more serious security problem arises when the individual visits the spoofed Web site. The best spoofers do an excellent job of re-creating the real corporate Web


Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints
Jump to comments

IT Management

Additional Resources

Xerox
Win a color printer!
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Upgrade to Internet Explorer 8 today.
Save time and mitigate security risk. Deploy it now.
Sybase
NEXT-GENERATION MOBILITY PLATFORMS
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Faster, Cheaper and Easier to Maintain
Can you afford not to upgrade your servers to today's advanced, energy-efficient technologies?  

Strategies for Driving Down IT Support Costs with Lite ITIL Practices
View this now!

Infonetics: WAN Optimization Appliance Market Highlights 1 Q09
Vendor market share positions shuffled once again in 1Q09, learn more now!  

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Improving Customer Retention and Satisfaction
Download this White Paper Now!  

Efficient Root-cause Analysis in the face of Datacenter Complexity
Isolating Virtualization and n-Tier Application Issues, Measuring Success, Assessing Business Impact, and Enabling Technologies

Supporting Employees Anytime, Anywhere
Download this White Paper Now!  

Enterprise Data Governance: Bridging the Business-IT Gap
Register for this live webcast today!

People + Processes + Technology: Creating a Winning Formula for Customer Support
Download Now!  

Usability Is Everything
Download this short video! Provided by Workday.

All White Papers | All Webcasts

Computerworld Reports

Computerworld Technology Briefings IT Service Management

Computerworld Briefing: The State of Data

8 Questions To Ask About Your Intrusion-Security Solution

All Computerworld Reports
 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.