Too many phish in the sea

Nov 18, 2003, 3 mins
Enterprise Applications, Viruses

* Anti-virus experts warn of yet another online ID scam

Editor’s Note: Sandra Gittlen is taking a short break from the Web Business Newsletters.

Anti-virus companies are warning online shoppers about a new e-mail worm that first appeared last Thursday posing as a message from PayPal, the online payment company. Spam programs are used to spread messages containing the W32/Minmail-I virus attachment in an effort to harvest credit card numbers and account passwords.

Minmail-I is a new version of the Minmail worm, which first appeared in August. Unlike earlier versions, the new variant contains a message that tells recipients that their PayPal account will soon expire and that they need to re-enter their credit card information through “our secure application,” referring to the executable file attached to the e-mail message.

When users click on the file attachment, the worm opens a window on their desktop that displays the PayPal logo and contains fields for entering their PayPal account password and credit card information, according to Sophos Senior Security Analyst Chris Belthoff, who is quoted in an IDG News Service story about the latest worm.

The PayPal scam follows a similar effort in August to fool Citibank customers. In an e-mail that appeared to be sent by Citibank, customers were warned that their checking accounts could be blocked if they don’t provide their user information, the bank said.

In July, the FBI and ISP EarthLink warned about a spike in such scams, dubbed “phishing,” since the beginning of 2003. The FBI said that it has seen a “steady increase” in complaints to its Internet Fraud Complaint Center about the phony Web sites. Retailers, online auction sites and ISPs are frequent targets of the scam artists, the FBI said.

Various individuals are proposing counter-hacker measures. In his recent Compendium column, Network World Fusion Executive Editor Adam Gaffin notes one proposal: a Perl script that repeatedly fills in the bogus form with fake data.

The author of the proposal explains: “Yes this is in effect a request for a community DOS attack. While I do not condone DOS it seems to me that if a few Internet savvy people examine the evidence, can make a positive ID, and can see a valid opportunity to prevent scams like this from making enough money to be worthwhile... why not? You WILL probably save at least one person from losing their life savings and that has to be a good thing.”

What do you think? How can we avoid falling victim to these scam artists and how can we stop them from phishing for our private information? Please send responses to Linda Leung and we’ll include your ideas in a forthcoming newsletter.