The Digital Rag
Real World Information in a Virtual World
Tuesday, February 07 2012 @ 01:37 PM PST

Privacy problems with Instant Messaging - Phishing

Newsletter Postings

In addition to my regular customers, this message is going out to a number of people I do business with or deal with professionally. To them I bid hello, and I hope you will visit some of the web facilities I've put together over the years with other tips and suggestions - see My blog and My website

To the rest, sorry for not sending anything for the past while - but things have been hectic.
Instant Messaging:

For those of you who use or have friends/family who use AOL for anything (I know you're out there, otherwise there wouldn't be so many AOL customers) you should know that they (AOL) have just changed the terms of service agreement for the use of their AIM (messaging) service. See http://www.aim.com/tos/tos.adp for the wording and http://www.benstanfield.com/thrash/2005/03/aol_eavesdrops_.html for another article on the implications.

This brings up the point that using any "public" service such as e-mail or instant messaging, or even your cell phone without using some sort of encryption facility is putting your information and privacy at risk. AOL in this case is going a bit too far in their grabbing the rights to use what you might send thinking it was private, but the point is that you should think twice about such facility's use no matter what.

One company I've worked with had the (bad) habit of using Yahoo messenger for discussing product plans and such with work-at-home employees and associates. There are secure and private software systems (even free ones) that can be used instead and these certainly should be used when discussing legal and business topics - and probably should be used if you're discussing something like the drug habits of your teenage nephew or other personal topics.

The major thing to remember is that there is always the possibility that something you discuss with your friends/associates over Instant Messaging will be published somewhere by someone and there is nothing short of not discussing it on such facilities that you can do about it.

If you are interested in a secure free private messaging facility, see WASTE


Phishing - the bad-uglies making their own website look like one you normally deal with (bank, eBay, etc.) so they can steal your account information or identity and then your money.

The number of such bait e-mails I get is incredible - mostly for companies I don't do business with so they are not effective at all for me - but I happened to get one for a company I do deal with (name not given to protect the innocent) and just for a lark I did some digging. First let me assure you that I never for an instant thought it was legitimate!

The difference between the Phishing web site and the real one was almost unnoticeable except that the real one simply does not ask the same questions as the fake one did. The graphics and placement were identical - same fonts, same everything, which of course is fairly easy as any browser can save the code that paints the picture you see with the click of a mouse.

The point is that the real bank in this case would never send out an e-mail asking me to log onto their site and provide my account and password information. If they thought my account was compromised they would (and have in the past) phone me or contact me via snail-mail.

Even if they do contact me by e-mail, they never provide a clickable URL to their site but instead urge me to enter it manually into my browser - the best way to know you are going where you think you are going.

Today's web-enabled e-mail (HTML encoded) allows the message you see to be different from the real message. In the case of the above phishing e-mail, the URL that I saw was the bank's real one, but if I looked at the "email source" I could see that the real place it was sending me was actually in the Ukraine - and I don't think my Canadian bank has a branch there. What I did at that point was send a copy of the e-mail complete with all headers to "abuse@..." the domain of the real bank. I got a canned reply showing they were aware of the ongoing use of such tactics and that they were very happy I'd sent them this one. I don't expect I'll hear anything more, but if I'm the first to send them a particular one at some point then my work is done.

If you are ever in doubt about whether a particular e-mail is legitimate you may forward me a copy and I'll look at it for you. Same thing for any other questionable items you come across. I don't have time to deal with hundreds a day, but I'm always interested in something new if you find it and will pass on my findings to others as appropriate too. Please make the subject line contain the words "Question for Pacdat" so my own spam filter won't flag it.

richard
