Spoofing, Phishing and Identity Theft…. OH MY!!!!

Back in April of this year, a reported bug in Internet Explorer (IE) allowed a different website URL to display in the address bar than the actual website displayed on the users computer screen.  This was the result of a bug in the Macromedia Flash .swf files in IE.  But the net result was that a person with way too much time on their hands could create a link to a deceptive, or "spoofed," website that actually displays the URL of a legitimate website in the status, address, and title bars.


Why would someone do this?  Well in combination with phishing, they could create a site to ask for your personal private information so they could use into obtain credit cards in your name all while you thought you were on a legitimate web site.  In the past, it was an easy thing to just check the URL of the page displayed in the status or address areas to know if you were on a legitimate site.  Well, no more.


Spoofers and Phishers are the lowest of low life criminals hiding behind the anonymity of their computer screens robbing you without having to physically face you.  If I could, I would round them all up and send them to Iran, but not before first giving them a sex change (if necessary) and their very own burqa!  There’s some anonymity for you!!!


So what should you do to protect yourself.


·         First, keep your computer updated with all the security patches for your OS.

·         Next, use programs that will check a web page to see if it has been spoofed.  Microsoft is working on something I believe for IE7 but until then, go to www.secunia.com for a free utility.

·         Never, Never, Never click on a link of an email that asks you submit personal information.  Type in the address of the site directly in the Address bar, even if you think the email is legitimate. 

·         If the URL for the page has an “@” symbol it may be fraudulent.

·         Go to “Tools” in IE and select “Internet Options”.  Then click on “Security” and click “Custom Level”  Adjust your settings to enable prompting before installing ANY ActiveX control.

·         Beware of pages that do not have a corresponding Home page for the site.

  • If you must enter personal information, click the padlock icon in the lower right status bar.  (It there is no padlock, get out of there FAST!)  You should see the name of the server that serves the page.

Identity Theft

Identity Theft


Identity theft is one of those crimes that really makes me mad.  Why?  Because many of the people who commit identity theft don’t see it as a ‘real’ crime.  After all, no one really gets hurt, right?  So a few big banks or companies are out a few bucks.  They can afford it.  And after all, it’s not like they put a gun to someone’s head and threatened their life if they did not turn over their wallet.  In fact, identity theft is very non-confrontation making it ‘easier’ for people who never consider directly attacking a person in the flesh to steal their money.


But identity theft leaves in its wake a wide path of victims.  These people feel violated.  These people may be out significant sums of money if the credit agencies do not believe their story.  And even if they do, many credit agencies make the victim responsible for the first $50 no matter what just to prevent people of ‘taking advantage’ of the ability to call in a false report on credit extended in their name.  For many Americans, that $50 could be a major part of the cash they need for basic living expenses after paying for rent, mortgages, insurance, food, taxes, and other essentials. 


So now the Federal government is considering the Financial Data Protection Act, or HR 3997.  The House Financial Services Committee chairman, Michael Oxley of Ohio calls this a bold next step in protecting consumers from identity thieves, computer hackers and other criminals.  But this bill does not do enough.  In fact, it may even make things worse for some people. 


This bill will allow people to place a credit freeze making it impossible for anyone to obtain credit in their name, but they can only apply this freeze ‘AFTER’ they are a victim of ID theft.  The problem with this is that in 20 states, including my state of Florida, citizens can do this currently whenever they want, even before a potential thief uses their information to obtain and use credit in their name.  The Federal law would pre-empt these existing state laws and take away this right.




Because banks and credit-card issuers live on the ability to create instant credit availability and the stores who sell on credit need credit sales for many of their big ticket items and both of these make huge campaign contributions.  Thus their voices are heard.


What we need is more trained investigators and stronger laws to identify, arrest, and convict hackers and phishers with real penalties and real compensation to the victims.  Most convictions, even when they do occur, carry such minor consequences, that it makes the perpetrators view identity theft as a ‘safe’ crime, well worth the risk.  It is time to increase that risk.  Write your congressperson and insist that we need to put real teeth in the ability to find and punish people who commit identity theft.