Skip to main content


Showing posts from June, 2007

Now Fear This: Phishers learn to craft a better spam email

Phishers appear to be using techniques learned from the targeted advertising industry. Security professionals have long wondered why phishing emails are, in general, so poorly crafted, and why they don't use a handful of basic techniques which would undoubtedly improve their hit rate, and lead to increased revenue generation from phishing. In the "Today @ PC World blog, Erik Larkin discusses an email which alarms the PC World analysts (see: Threat Alert: Sophisticated E-mail Attacks Spread [PC World]). The email arrived with a well crafted text body which passed the usual "first glance" tests for spam or phishing: bad spelling, bad grammar, incorrect addressee name, mis-matched sender. It appeared to be a boring business email with a word document attached. Security researchers have known for many years that phishers typically don't employ a handful of techniques which would pretty clearly boost their success rates, techniques which are not entirely unkno…

Identity Theft with a happy ending, sorta.

The San Francisco Chronicle has an interesting tale describing how identity theft victim Karen Lodrick recognized a woman who had been using her stolen identity in line at a Starbucks. She called 911 and pursued the woman, who was arrested, tried, convicted, and sentenced to time already served (44 days) plus probation. I'm curious about one of the details, however. Ms. Lodrick and apparently the police believe that her identity was stolen when the perpetrator stole unsolicited bank cards which "she had not requested". Were these unsolicited accounts? Probably not. They are described as "debit/credit cards" and other details of the story indicate that the cards were used to extract cash (or equivalent) from her accounts. Banks routinely send renewal cards to account holders. The term "unsolicited" in this context is typically not used to describe this situation. If the bank sent her a debit/credit card for an account that she didn't wan…