Let's Be Careful Out There!

I love technology, a lot. But occasionally, it bites.

I got bit, recently, when a friend sent me some truly unbelievable pictures of the unfolding tsunami disaster. I trusted him, and he trusted the source he got them from, so he and I both forwarded the pictures -- he to a large list of his friends and acquaintances, and I to my wife. However, I happen to subscribe to a "New Urban Legends" feed, and within a day or two I found that the pictures were clever fakes.

Somewhere, the chain of trust had a weak link, and that is still a major weakness of the internet. We can never completely trust what we see.

A 'blog,' as I mentioned in my last column, is a kind of on-line diary, or journal, that anyone may create for others to read. ('Blog' is short for 'web log.') Recently, I found a reference to the "Bill Clinton Daily Diary", with a link to it that I followed, with some curiosity. If you think it's suspicious that Bill Clinton would reveal his innermost thoughts on such a wide range of titillating subjects in a published diary, you're starting to catch on. However, there are apparently a large number of people who have been reading this for months, not realizing that it's fraudulent.

In the first case, the harm was only a little embarrassment for me, and a bit more for my friend. Actually, the embarrassment toll was quite large when you consider the extended chains of forwarders, of which we were only a small part. We can survive embarrassment, and while I have no idea how Bill Clinton puts up with someone masquerading as him on the internet, or even whether he has any recourse, I suspect he will survive the misrepresentation. However, there are people out there who want to steal your money by misrepresenting themselves, and gaining your trust.

In the last week alone, I have received three "memos" from "banks" like this, purporting to "protect the security of your account." These emails typically direct you to a website, wherein you are supposed to "confirm" the I.D. and password of your account. Recently, these emails have begun to use good English grammar, have exact duplicates of business letterheads, and have at least some face plausibility. Even if you examine the internet header, you may have difficulty finding clues that the email isn't legitimate.

I have received letters similar to this one from banks, credit card companies, eBay (an online auctioneer), and PayPal (a company that brokers monetary transactions between buyers and sellers on the internet.) Collectively, these scams are known as "phishing." The scammers "phish" for personal information they can use to steal your identity, and subsequently to steal your money.

How do you protect yourself? Certainly, be suspicious of any email asking you to provide ID's, passwords, Social Security number, or other personal information. If you have any suspicions, it's quite easy to investigate them. I begin by using Google. I type in a precise quote from the suspect email, with quotation marks, and inevitably it brings me to a fraud report. There are web sites dedicated to providing information about frauds, scams, and hoaxes. Here is a couple:

• http://www.snopes.com
• http://www.fraudwatchinternational.com/

Any website which asks you for personal information should have a URL address beginning with "https://", with the 's' on the end standing for 'secure.' On a slightly different track, definitely, keep your virus protection software up to date, and don't open email attachments without being certain of their trustworthiness.

Hopefully, we will see improvements in the internet's ability to authenticate identity, so that we can know for sure whom we are communicating with. In the meantime, as Sgt. Esterhaus used to say on Hill Street Blues, "...And, hey -- let's be careful out there."

Power to the people.

T.I.N.