Phishing just the start?

Opinion
Jun 07, 2004 · 2 mins
DNS, Networking

* Dr. Internet columnist Steve Blass offers his thoughts on what will follow phishing scams

What will come next, after ‘phishing’ scams?

Phishing (https://www.nwfusion.com/details/6539.html) is the use of spoofed e-mails and Web sites to fool recipients into divulging personal financial data by convincing them to respond to what seem to be legitimate communications.

We recommend that you never divulge personal information unless you start the transaction.

Never click links in e-mails that claim to be from your bank, and do not give your credit information to people who call you on the phone. Start fresh by typing the Web address into a browser, or call the company yourself.

We think we’ll next see the online analog of poachers who fish (phish?) with dynamite. DNS spoofing and DNS cache poisoning are already problems.

We recently have seen viruses that overwrite DNS server settings and hosts files. Now is the time to learn about DNS utilities such as “dig” (https://www.mailsbroadcast.com/email.bolts&nuts/advance.dig.htm) and to write down the IP addresses of the servers involved in your financial life, so you don’t lose everything to a sophisticated DNS scam.
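One way to act on that advice, as an added example that is not part of the original column: compare a written-down baseline of addresses against both the hosts file and what the operating system's resolver returns. The domain name, the addresses (reserved documentation ranges) and the function names are constructed placeholders.

```python
import os
import socket

# Constructed baseline: addresses written down while the machine was known-good.
BASELINE = {"bank.example": {"192.0.2.10", "192.0.2.11"}}

def parse_hosts(text):
    """Return {hostname: set(ips)} from hosts-file text, ignoring comments."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or malformed entry
        for name in fields[1:]:
            entries.setdefault(name.lower().rstrip("."), set()).add(fields[0])
    return entries

def system_resolve(name):
    """IPv4 addresses from the OS resolver (hosts file and configured DNS servers)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def audit(baseline, hosts_text, resolve=system_resolve):
    """Return (name, reason, addresses) findings for every watched name."""
    findings = []
    hosts = parse_hosts(hosts_text)
    for name, known in sorted(baseline.items()):
        pinned = hosts.get(name.lower(), set())
        if pinned:
            # A hosts entry for a watched name overrides DNS, so always report it.
            reason = "hosts-override" if pinned <= known else "hosts-override-unknown-ip"
            findings.append((name, reason, sorted(pinned)))
        answers = resolve(name)
        if not answers:
            findings.append((name, "no-answer", []))
        elif answers - known:
            findings.append((name, "unrecorded-address", sorted(answers - known)))
    return findings

if __name__ == "__main__":
    path = r"C:\Windows\System32\drivers\etc\hosts" if os.name == "nt" else "/etc/hosts"
    with open(path, encoding="utf-8", errors="replace") as fh:
        for finding in audit(BASELINE, fh.read()):
            print(finding)
```

A finding is a prompt to check the name with `dig` against a resolver you trust, not proof of tampering, because sites do change addresses legitimately.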

DNS vulnerabilities such as these were described 10 years ago at a Usenix Security Conference, and very little has been done to fix them. While Berkeley Internet Name Domain (BIND) is no longer easily compromised, it is still easy to spoof DNS.