Wednesday, September 20, 2006

Cyber Crime Made Easier Through Impersonality

By Coenraad De Beer

What makes you suspicious when someone from your bank comes to see you to update your personal details? The most obvious answer is the fact that the bank never does this. Why can’t they call you and ask you to come to the bank, why do they need to send someone in person to come and see you, in fact why do they need to update your details in the first place? This seems rather obvious to many people but once they get an e-mail asking for the very same thing, they seem to loose their reasoning ability. The main reason for this is the fact that the e-mail is impersonal and your normal instinctive reactions that kick into place when someone personally asks you for this information do not necessarily do their job when you are confronted in an impersonal way.

The impersonal nature of e-mail makes it an easy way of asking for things that would have been hard to ask when you were facing the person face to face. Unfortunately fraudsters discovered this and are using it to steal critical and personal information from people with a technique called phishing. They disguise their request for information with the logo, letterhead and e-mail address of a well-known and trusted company and create a false sense of security among the recipients of the e-mail and lure them into a trap. Anyone can create a web site that looks like a corporate site, so you can’t trust any site that looks like a corporate one. If you look more closer to the content of these sites (and e-mails) you soon discover certain inconsistencies, some are small and some are more obvious. But little things like spelling errors, bad grammar should start flashing warning lights right away.

People should realise that real organisations never ask for critical and important information though e-mail, nor the telephone or any other means of communication. You have to supply these details in person to an official of the company at one of their offices. E-mail is very insecure and can be intercepted in many different ways. And by the way, why would banks want to confirm your credit card information or pin numbers, they have it on record and they were the ones who issued you the credit card number, why would they want to confirm or update it, what is there to update when it comes to a credit card number, pin or password?

It seems like people have a different set of rules for reasoning in the real world and on the Internet. People are more suspicious on street than on the Internet. One of the main reasons for this may be a lack of knowledge of how things on the Internet work. Everyone knows you can’t trust a hawker on the sidewalk but many people trust almost any web site because they can’t see what’s going on behind the scenes. For all you know a bum can run a corporate looking web site from an Internet cafe. It is general knowledge that you can’t trust the hawker on street, but several decades ago people did not know it. Once it becomes general knowledge how fraudulent web sites look and how they operate, you will see a decline in phishing scams of this nature. Unfortunately, fraudsters always find a new way of tricking people and the educational process of identifying scams and fraud will start all over again.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against malicious software.

No comments: