Phishing: A Lazy man’s fraud!
Phishing is a type of fraud that is ideally suited to a lazy fraudster! After all, what work do they have to do? They don’t have to build a website, just simply copy one of the bank’s site, and they don’t have to even send the email themselves, just go to your nearest spammer who will be more than happy to do that for you! And writing the email!!?? Worry not Mr Lazy Fraudster, you will also get that from your nearest bank. All you have to do is add your domain voila, now you can collect people’s bank account details. And we are sorry, Mr. Fraudster that we can’t automate the withdrawals from each account - you have to do that manually! But then again maybe a 14 year old script kiddie could automate that for you too! Just ask your nearest nerd.
The point is Phishing is not even intelligent, nor require such hard work! It hardly is your “Italian Job”! Where is your strategist, disciplined and clever fraudster who is after your money!
Well, they are on their way!
When I invented this tool called Verification Engine to verify web content, people said what for? I said: Wait and see! I called it a tool to eliminate “spoofing a website” – today’s term for “phishing”. Was I a “scare monger” then? Time has proving that I wasn’t! Am I scare mongering now when I claim that these phishers are just the “first wave of attackers” or the foot soldiers . Unhappily, this first wave will be followed by the “armoured cavalry” as the next wave and they will keep coming! Just wait and see! Today, we mainly have the opportunist fraudster, but we are seeing the organised crime with more resources moving into the Internet feeding ground. Now it’s commercially viable for organised crime to exploit Internet.
We have this castle called Internet and someone has left the castle gates open so all these opportunists fraudster are waltzing in! We have built the internet with no authentication “doors”, no verification whatsoever!
Is that wrong? No of course not. In any technological development you first get it to work, then you get it to work, faster, more secure, more efficient etc. It’s the way the technology gets built! Just look at cars, in 1950s security was not the biggest selling feature - was it! It is now! People were getting killed at 30 Miles an hour crashes, because they did not have seat belts and cars were not built with security in mind! Compare that to today’s cars with Side Impact Bars, Air bags everywhere, with Anti Lock Brake systems and so on…
What’s important is to understand when we need security, authentication and assurance! Did we need assurance technologies on the internet on early 90s, maybe we did maybe we did not. But do we need it now because now we have built “Value” into Internet which needs protection. We do our banking there, we purchase things there and we share confidential information with other people on the Internet. And anything of value it must be protected!
Where would we be without Side impact bars, air bags, Anti lock brake systems? Roads would be more dangerous for all of us. Internet must be secured, authenticated and I as a user must have assurances that I can confidently use Internet… Funny… As I am writing this article, I just received an email from “Paypal” asking me to login to my account and I don’t have a paypal account and the URL is not a Paypal URL, but nevertheless I went to that side and entered my “Username and password” for the lazy fraudster who now has to enter one more password to paypal account only to realize that its the wrong one :). …
Anyway, here is the point - let’s understand the underlying problem and fix that! The reason why Phishing and Pharming exist is because we cannot verify what we see! It has little to do with the way we receive emails. Unless we give the users the ability to “verify what they see” we will continue to suffer from this vulnerability called phishing. Instead of trying to fight the enemy once they through the open castle doors, let’s close the doors!