Saturday, July 02, 2005


Well the experts are at it again and it’s a real bone headed stunt this time. It seems that I received an email the other day that I just knew was a phishing attempt. My credit card company (one of the largest in the country) had sent me an email explaining their new security feature of providing one time use numbers for on line purchases.

Having a number that was only good one time would make stealing the number worthless. Good idea!! I’m thinking that maybe these guys have it really together. Here’s a simple, cheap to implement, useful answer to stop online credit card number theft from being effective. Steal the numbers, so what, they’re useless.

So far so good I’m thinking as I read on through the very BOOOOOORING letter.

Then suddenly as I read on the alarm bells begin to ring. They (the credit card company) want me to click on an embedded link to go to their site to automatically activate this feature.

“YEAH RIGHT” I’m thinking.

Who do these idiots think they’re dealing with some dumb newbie?

Do they really think that I’m that stupid?

Now being a good net citizen I went straight to the banks site and sent a copy of this email to their “security” contact address. Now I’m I thinking that have nothing to do but sit back and wait to be thanked for reporting this new phishing attack. I just know that the bank will be glad to be able to warn others about it.

Well guess what?

I get a call from the bank the next day telling me that this email is correct and it really is from the bank credit card center.

“WHAT you guys are sending out emails that contain links to be clicked to go to your site.” I said. “Don’t you know that’s the favorite method used by hackers and phishing artists to get us to go to their bogus sites and be ripped off.”

“But this is different, said the agent on the line, we really did sent this email. It really will take you to our site.”

“But how should I know your email from all of the other phishing email that I receive”, I ask?

I get a long silence from the other end before he says that I don’t understand how this works. When I click on the link I will activate the one time use credit card number security feature which will protect me from such things as phishing and credit card number thieft.

“But what if a hacker or phisher gets a copy of this letter and changes the link to take me to a site where they try to get me to reveal my credit card information I ask? If I have any doubts and contact the bank you guys will even tell me it’s ok. Just like your doing now. How could I not be fooled by this copied email from going to a rogue site. You've told me everything is ok.”

“But it is ok the agent says. You don’t have anything to worry about we did send you that email.”

Well as you can guess by this time I’m giving up on this guy so I thank him for his help and ask to talk to his supervisor. When the supervisor comes on the line I let him know that I think I’m going to changing my credit card company and could he just put a hold on the account until I can pay off the balance due.

I bet you know what he said. “Why would you want to do that?”

Well I told him that I would send him an email to explain it to him if he would just give me his email address. While writing this email I was sorely tempted to enclose a clickable link to my blog site so he could read this letter but I resisted.

Besides he wouldn’t get it anyway!!!!

PS another article on the subject can be found here.,1759,1833855,00.asp?kc=EWRSS03129TX1K0000614

PPS Have a safe and sane Fourth Of July everyone. I want to see you back here again so be careful.

No comments: