Not too long ago, a MediaPost article spoke about the author’s trials and tribulations as a result of spyware on his machine. I don’t remember the exact story – I certainly tried finding it albeit not that extensively – but it certainly involved the havoc caused by such a program. As bad as spyware is, and for those who have been infected it feels as though nothing could be worse, unfortunately, something is worse, and while prevalent, it tends not to receive the attention that spyware, adware or for that matter spam does. This potentially life impacting activity goes by the name of phishing. Why its resemblance to the popular band, no one knows, but other than name, the two “Phish” couldn’t be further apart.
If you have ever received an email that looked suspicious, one from a bank at which you do not have an account asking you to update your information or risk termination of your account, chances are this one was more than just spam. It was someone going phishing. At its core, phishing attempts to lure people into giving up their personal information. Phishers almost always solicit via email and send their message as though it were being sent from a popular company at which you may have an account - your ISP, your online store, your financial institution, etc.
In thinking about phishing and when considering what to write, the truth is that it is an incredibly complex topic but without much overall documentation. There are the technical considerations involved in the act of phishing, and it’s so complex that describing it here would take quite a long time… even longer were I the one writing it. What amazes me about the phishers, though, is their direct marketing skills. Here are people who have almost down to a science the look and feel of some of the world’s most popular brands. Not only that, but the phishers have figured out just what brands are most likely to attract users into giving up their information. They remind me of superheroes who forget that they should use their powers for good not for evil.
What doesn’t make sense about their activities is why they’d choose to do them. Not only are they spamming, but more often than not they are performing identity theft. These phishers take the credit card data entered by users, e.g. when they mistakenly believe that their PayPal account will be terminated, and open up new lines of credit with other credit card companies. The credit card companies often jump at the chance to pay off other credit card companies bills, making it a little too easy for the phishers to get access to cash under your name.
The challenge with phishers is that they are not easy to find. Imagine the best spammers and then multiply their skills and deviousness by 100. The from lines look legitimate, and with the use of javascrips they make the links to the financial institutions look like they are going to the right domain, but when one clicks on the email they often resolve to an IP or a domain that is hosted outside the country.
Their activities represent a challange not only to the lawmakers trying to stop them, but to all that engage in sending transactional e mail. When logging in to your online banking accounts you might notice warnings about these emails. If phishing volume continues to grow it will undoubtedly hurt not only the ability of finanical institutions to communicate with their customers via e mail, but it will also reduce response rates of legitiamte direct mail as the consumers might doubt the legitimacy of any commercial looking e mail in their inbox.
Customers will always be duped unfortunately. What we can hope is that the level of these scams will not continue increasing in their maliciousness. As is the case with many who break the law, it seems that phishers could make more money doing legitimate direct marketing… but it’s a Catch-22 if they do, as it would mean stiff competition for us. I’d rather have them doing legitimate enterprise though than diminishing the effectiveness of our marketing techniques. Until next week…
Digg 
