Written by Tony Phelps
Thursday, 17 November 2005

Increasing use of the internet for moving funds around is encouraging
crime by people you won’t be able to see, hear or touch. With a few
numbers and a password, large sums of money can quickly disappear to
untouchable places – and the money could be yours.

In spite of advanced technology such as encryption, firewalls and
hard-to-guess passwords, the easiest way to defeat security is to go
round it instead of through it. Why try to break down a fortified door
when you can ask someone to open it for you?

This is the essence of “phishing”, the hi-tech version of the oldest
security breach – the confidence trick. Phishers want you to tell them
your secret information, and they get you to do it by fooling you into
thinking they are the real thing. Nowadays, this is most often by
email. Millions of people, including just about everyone in Vanuatu,
are sent an email pretending to be from an organization like PayPal,
eBay, Westpac or ANZ. At least some of the recipients will have an
online account with the organization, and reportedly as many as 5% of
those who do will respond to this fake email.

What happens next depends on the phishing email. It may have a link to
a website that looks just like the real one, only anyone who tries to
log in will get an error message saying something like “Sorry, the
website is temporarily unavailable”. Meanwhile, the criminal records
the login information and immediately uses it on the real website to
start transferring money.

Does all this mean you shouldn’t use the internet for financial
transactions? No. Online transactions are quick, convenient, and
sometimes the only practical way to do things. It does mean that you
should be careful and sensible. If you receive an email about an online
account, don’t reply to the email or use any links in it. Go to the
real website, and look for information there, or send an email to a
contact listed there. Bear in mind that you should never be asked for
(and should never give) your passwords or PIN numbers. And if you think
you’ve fallen for a phishing scam, talk to your account manager as soon
as possible to stop any unauthorised activity.