Mailbag: Too many phish in the sea

Editor’s Note: Sandra Gittlen is taking a short break from the Web Business Newsletters.

Recently we discussed the far too frequent occurrences of “phishing,” whereby scam artists distribute spam disguised as messages from legitimate businesses, such as PayPal and Cititbank. The messages ask customers to reconfirm their passwords and credit card details to an executable file attachment or to a bogus Web site, in an effort to harvest personal information for identity theft purposes. Readers wrote in saying that education is key to avoid falling victim to such scams.

Reader Adric M. says the old saying “A fool and his money is soon parted” still holds true, but that in the Internet age, the parting happens faster and with less effort.

He says online shoppers “will purchase goods and services over the computer from places with no street address, no phone number, no return policy and without checking out the company.”

“My answer [is] old-fashion education. Know your source and know who you are dealing with. Use the U.S. Postal Mail, check references and use the telephone! It is harder to run a scam in person than online,” he says.

Linda Musthaler, vice president of IT consulting firm Currid & Company, and author of our Technology Executive newsletter, also wrote in to say that education is the answer and called for mass-marketing campaigns on the scale of anti-smoking and anti-drugs. She suggests consumers could pay a small tax to their ISPs to be used for public-education campaigns.

“As business and government push us toward e-commerce and ‘everything to the Internet,’ these entities have a responsibility to make sure the user community is informed as well as engaged,” she says. “I see nothing wrong in a denial-of-service attack against those who seek to steal our identities and account numbers. We also need strong federal legislations against spam, viruses, etc., that allow prosecutors to seek stiff penalties against offenders who can be traced and identified.”