Wednesday, February 20, 2008

Phishing: Fishing mis-spelt? Not quite.

I received an email stating that my email id was randomly selected in an online UK lottery and I have won $ 2, 000, 000, 00. By George! Am I lucky or what? Well, not quite.

This is a typical example of Phishing. Phishing is

the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization's logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; the creation of a Web site replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords. (Webster's New Millennium™ Dictionary of English)

Anyone who tries to gain access to your personal and/or financial information fraudulently is a phisher, be it a friend or a foe. Beware! Phishing is the virtual version of Social Engineering.

I began reading about this and found a whole lot of mess happening in cyberspace. This started in the 1990s with America Online customers who were lured into providing their account details. Once the phisher got access to their account they could do virtually anything, from sending spam emails to damaging their credibility. Over the years, phishing has evolved significantly and has now become more professional. Phishers have become so organized that they are beginning to create exact replicas of bank and other financial institution websites and mislead customers into entering their financial information. Do-it-yourself kits are also available now.

Guess what: I received another email stating that HSBC has implemented a security procedure to safeguard business customers' data against unauthorized access or use and that I am required to fill in a Business Internet Banking Form (BIB Form) by clicking on a link. This is another classic example of phishing.

One wonders, is it possible to have someone give away all their details, just like that, snap! Apparently yes, says reformed social engineer Kevin Mitnick. He says it is easier to have someone give these details than to spend time hacking their system.

So, how does one safeguard oneself from these threats? Normally, all these emails get filtered as spam. I use Gmail and it is the best! However, as I mentioned, they keep evolving and one or two do get into your inbox. Remember these as ground rules:

1) Don’t get tempted when you read emails which tell you that you have won some prize money.

2) No bank or financial institution would ever send you an email asking you to update your login name and password online. (If they actually do, then it's safer to end your relationship with them ;-))

3) If you have done such a thing, call the bank immediately and request that your account/credit cards be locked and a new set of passwords be issued.

And last but not least, remember:

Even a fish wouldn’t get into trouble, if it keeps its mouth SHUT!

The following links provide useful info on phishing

A brief history of Phishing from Symantec Corp: Fighting neat and clean! : Part 1 and 2

Wikipedia : Phishing

Thursday, January 31, 2008

How much is enough?

The Fed cut interest rates for the fifth time. How much is enough? The US has been in recession for a few months now (even though the Govt says it is trying everything to avoid one, except admit it) and for some reason they feel cutting interest rates will help them get over it. In fact, this behavior of the Fed, known as Greenspan's put, actually instills confidence in the lenders to be even more careless.

The US mortgage industry is governed by acts like HMDA, RESPA, and FCRA. These acts are supposed to keep a check on the lenders, protect the borrowers, and ensure that no one community is favored or neglected. In spite of these, the US is now neck deep in Subprime quicksand which is dragging the whole economy back to what it was a century ago. Sadly, the US Govt views this as an unforeseen natural calamity and is trying hard to sanction an economic relief package to aid the ‘victims’.

The truth is, it is a conspiracy and everyone is guilty as charged (surprisingly, no one has been charged yet): the lawmakers for not enforcing the already established rules; the lenders for luring otherwise unqualified borrowers with bizarre products like interest-only loans, NegAm, balloon loans, jumbo loans (credit should be given to those who designed such products) and the famous ARM loans, with teaser rates at the time of signing that would reset to a high interest rate with exorbitant monthly payments in a few years; the credit rating agencies who rated these mortgage-backed securities as A’s and A+’s and AAA+’s without properly analyzing the underlying portfolios; and finally the consumer who just got greedy.

The million $ question is, didn’t anyone foresee this? Simple answer is yes, warning bell(s) were sounded but they were ignored. No one wanted to be the party pooper.

I feel that an extensive investigation needs to be conducted and all those found guilty should be punished. Guess what, the FBI has just woken up from deep slumber and is planning to investigate 14 Financial Institutions for alleged involvement in improper trade practice. I hope this marks the beginning of a long-overdue clean-up of the US economy.

In the domestic scenario, when the Fed interest rate cut happened, there was speculation that our own RBI will reduce the repo rate... Why? For many reasons (none in particular, which is why it is called speculation). But unlike the Fed chairman, Dr. Reddy did not reduce any interest rate, stating such a move would accelerate inflation. Kudos to Dr. Reddy.

For those who would like to get an overview of the Sub-prime, here’s the latest.

Resources
Summary of the 2007 Sub-prime melt down

Part 1 , 2 and 3 of What 'could' have been done to prevent the Sub-prime crisis? updated Feb 17, 2008

What the US Tax rebates mean? updated Feb 14, 2008