Nov 26, 2004
Phish scams make waves
Malevolent geniuses are trying to steal from you through the Internet. They’re devious little Lex Luthors planning theft and fraud on a massive scale, and their primary strategy is to go phishing. Phishing scams are official-looking but fake e-mails and Web sites designed to lure you into revealing personal financial information – or the keys to access that information, like a login name and password. They appear to come from a trusted source (your bank, PayPal, eBay, etc.) and tend to use a logical call to action that is hard to resist.
Last June, during the two-week-long hemorrhaging of the Royal Bank’s national IT infrastructure due to some bad code and an even worse code-review process, a “Dear RBC Royal Bank Customer” e-mail started arriving in in-boxes. It looked like an official request asking for card numbers and passwords in order to verify customers’ standing due to “increased fraudulent activity.” If you didn’t follow through, said the e-mail, your “account will not be verified and your access to the account will be blocked.”
Clicking a link in the e-mail led to a slickly designed Web site (complete with RBC corporate branding) where you were asked to enter account information. It all appeared legitimate until a close look revealed the URL wasn’t quite right.
A properly skeptical and jaded 21st-century Internet user would obviously recognize this e-mail’s malodorous stench, but some people didn’t.