Most of us know by now not to give out our passwords, ATM PINs, or other secret information when requested by e-mail. But an increasing number of people are giving out that information, even those of us who should know better. . . .
Most of us know by now not to give out our passwords, ATM PINs, or other secret information when requested by e-mail. But an increasing number of people are giving out that information, even those of us who should know better. What makes this doubly annoying is that the scam is an old one, and it has nothing to do with technology per se.

The technique is called phishing, and some very clever crooks use it. Here's how it works. You put together a bunch of HTML-formatted e-mail messages asking people to reconfirm their account information. The messages look like the real McCoy, including corporate logos and from what at first glance looks like a legitimate e-mail address. The two scams that I got recently were from sites that had the eBay and Citibank logos. Both asked me to "verify my personal information" by clicking on a link in the message that took me to the phished site.

Many people have fallen for this scam - including retired police officers and others who have plenty of experience with the criminal mind. It is amazingly easy to pull off - all you need is a dollar and a dream and some good HTML coding skills to lift the appropriate logos from the true corporate sites. Buy a list of a few million e-mail addresses and you are ready to sit back and watch those passwords roll in, and soon you will have access to hundreds of IDs to harvest.

The link for this article located at SecurityPipeline is no longer available.