If you use the Internet enough to read a blog, chances are you've also been targeted by phishing scams. You know the types...e-mails from "Citibank" that demand your account number, PIN and favorite pet's name or mother's maiden name. In the early days, they were so poorly constructed that all one could do was howl in laughter at the attempt. "Please uh...click like here to update your account information, or we'll like totally deleet yur account." We all wondered, "What kind of idiot falls for something that transparent?"
If you've seen some of these scams lately, you'll know they've become more sophisticated (perhaps they've started asking someone who can actually construct sentences in the English language correctly to edit their communques before they send them out).
These e-mails are only a nuisance if they're from a company you don't use. I regularly get them from "banks" with which I've never done business: my spam filter catches them and I barely notice them. I frequently get them from "PayPal," but since the only real e-mail communication I ever get from PayPal is a confirmation after I've purchased something on eBay, it's easy to spot that the rest of the e-mails I get are spoofs, and I delete those.
Phishing becomes a problem when the e-mails are spoofed to appear to be from an organization you actually use, with which you frequently communicate via e-mail.
I recently got a home loan from Washington Mutual. Much to my dismay, shortly thereafter, I began receiving phishing e-mails from "Washington Mutual." They clearly discussed the fact that I had recently gotten a mortgage with the company. Up to that point, I had never received one these e-mails. E-mail messages to the company's firstname.lastname@example.org asking how such a "coincidence" could occur got me an auto-reply that stated that their systems had not been breached and that it was nothing to worry about. ("There-there...quit bothering us" was the message.) I still want to know how the scammers gained the information that I'm a new customer. Since purchasing the home, I've received an unending supply of direct mail, offering security systems, oil delivery, life insurance, window treatments, housekeeping, yard work, etc. I know they're all from the same source, because they all have my name amusingly mispelled "Trcye Schelmetie." Washington Mutual wasted no time distributing my name to all and sundry. They also had my e-mail address. Coincidence? (I promise, this is not the point where I begin discussing the men in black helicopters.)
There are warnings all over the Internet about this particular scheme: at sites such as CastleCops (formerly ComputerCops.biz), FraudWatchInternational, the AntiPhishing Working Group and more chatrooms and blogs than can be counted.
The only organization that hasn't sufficiently weighed in on the issue to me as a customer is Washington Mutual. My subsequent e-mails to their fraud department have gone unanswered. There is a page on Washington Mutual's Web site that discusses spoofing and identify theft. It gives a brief overview of how to spot spoof e-mails and issues stern instructions to not respond to them. It even includes a link to the Federal Trade Commissions's Web page concerning identity theft.
What Washington Mutal has not done is contact me via postal mail to discuss the problem. I'm convinced I'm missing some legitimate e-mails from the company, but since I now won't open anything that arrives via e-mail and purports to come from Washington Mutual, I'll never know.