Friday, October 14, 2005

AN ECONOMIST WALKS INTO A BAR.

HE HITS ON AN ACTUARY AND TELLS HER SHE HAS A GREAT PERSONALITY. AND HE MEANS IT.

PHISHING, ANYONE?

Identity theft is a big problem. It is a vexing problem for individuals who have their identities swiped[i], and it can cause both financial loss and personal disruption. There are lots of ways for thieves to steal a person’s credit information. A common but easily avoidable method is “phishing”.

Phishing works like this. A phisher will send a broadcast email from a fake server address to a large group of email addresses. The phisher does not care who they are. The phisher will represent himself as a large and trusted organization or business. The Author was recently phished, so he will use the particulars of this phishing attempt to explain the scam.

The email will state that it is from a bank, a credit card company or another organization. (Currently, there are hurricane relief scams, and probably a few phishes working.) The phishing email will ask you to go to a website link contained in the email. These links are to fake sites that appear to be legitimate. They will even contain the web address of the legitimate organization.
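The point above, that a phishing link can contain the legitimate organization's web address without leading there, can be checked mechanically. The following is an added example, not part of the original post; `bank.example`, the other hosts, the sample message and the function names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every domain and address is a placeholder.
SAMPLE_EMAIL = """
<p>We lost some data and need to confirm your information.</p>
<a href="https://www.bank.example/login">Sign in</a>
<a href="http://bank.example.verify-account.test/login">https://www.bank.example/login</a>
<a href="http://203.0.113.7/www.bank.example/update">Confirm your details</a>
<a href="https://news.example.org/">Newsletter</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def goes_to(href, trusted):
    """True only if the link's host is the trusted domain or a subdomain of it."""
    host = (urlsplit(href).hostname or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def check_link(href, text, trusted):
    """Return the ways a link borrows the trusted name without going there."""
    if goes_to(href, trusted):
        return []
    reasons = []
    if trusted in text.lower():   # the words you see name the real site
        reasons.append("text-shows-trusted-domain")
    if trusted in href.lower():   # the real name appears, but not as the host
        reasons.append("url-embeds-trusted-domain")
    return reasons

def scan_email(html, trusted):
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text, trusted) for href, text in collector.links}
```

Calling `scan_email(SAMPLE_EMAIL, "bank.example")` returns an empty list for the genuine link and the unrelated newsletter, and one or both reason codes for the two links that only borrow the name.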

The email or the website will say that they need your bank account and credit card information for some legitimate-sounding reason. They might say that some data was lost and they need to confirm your information. In the Author’s case, the phish pretended to be from Microsoft Outlook and said that if he did not provide the requested information, his email service would be terminated. Of course the Author “smelled” a phish and knew that Microsoft Hotmail was a free service. But the Author went to the site out of curiosity.

The site looked legitimate. It had text boxes for your bank account numbers and PINs, credit cards and PINs, and even asked for the number on the back of the credit card. The site said that the information was required to continue Hotmail service. The Author typed in some vulgar number[ii] strings (there are a few, if you are really warped) and sent the information back to the phisher. He then emailed Microsoft about the scam.

EMV CARDS BECOMING THE EUROPEAN STANDARD

Europe and the UK tend to lead America in consumer IT privacy and security. Europe is moving to the EMV (Europay, MasterCard, Visa) Smart Card. Current magnetic strip cards have only two levels of authentication, user name and password. These are static pieces of data. They do not change unless a person gets a new card or changes their password.

The EMV card combines with a card reader to generate a session, or one-time, passcode. This passcode can also be linked to the transaction, so even if a criminal intercepted the passcode, it would only be useful for that single transaction. This reader would operate similarly to the reader at the supermarket checkout.

The EMV card might also find home use. Card readers might operate as computer peripherals (mouse, keyboard, USB device) and an online purchaser would only have to swipe their card on this reader for online purchases. More security, less time, lower transaction costs. Works for the Author.

THERE ARE ONLY 10 KINDS OF PEOPLE IN THE DESERT OF THE REAL. THOSE WHO UNDERSTAND BINARY AND THOSE WHO DO NOT!



[i] No pun intended. This post rafts more down the consumer economic river, but it is important information for newer internet users and is a way to weave in the Author’s IT security gig.
[ii] Integers, to you fellow geeks.