Aunty Spam: Frying Phish 5/17/2004 - 1,315 views, 5 Comments
|
Previous Article « Mind Gold: We Create Spam for You…er…You Send Spam for Us..er..You Pay Us…Argh! I’m So Confused!
Read Next Article » Aunty Spam: How to Ensure That the Email You Send Actually Gets Delivered
I keep getting email which appears to be from PayPal, or from eBay, but which really is from some scammer who seems to be trying to get me to give them my password or account number or credit card number, and not from PayPal or eBay at all. What can be done to stop this? What if somebody does this and pretends that they are sending mail from my company? Isn’t it illegal to impersonate a business or something? Ted — Dear Ted, The activity you describe has come to be known as “phishing” (pronounced “fishing”), and it is indeed illegal, on many levels and in many ways. Phishing involves making your email appear to be coming from a known company, and then trying to get the target (you) to follow some link and reveal some information such as, as you noted, your password or credit card information. Phishing has become increasingly common. In fact, SurfControl, a British web and email filtering company, just released the results of a study today which indicates that brand-imitating phishing spam has increased nearly 500% since January. Despite the fact that phishing attacks are so common, they are actually one of the easiest sorts of spam to prosecute under the law, and, relatively speaking, ridiculously easy for the victim company (the one whose name is being used improperly) to bring to court. That is because, in addition to being illegal under more traditional business and anti-spam laws, such as CAN-SPAM, the use of another company’s domain name in spam is almost always a violation of that company’s trademark, and trademark law is very well established, and it is very easy to bring a lawsuit under trademark law. So, what should you do if you are the victim of a phishing expedition? Well, if you are on the receiving end, first of all, and hopefully obviously, don’t click on any of the links!! Secondly, if you can, take a moment to report the phishing spam to the company whose domain is spoofed (faked) in the headers. For example, if the spam appears to be from PayPal, you can send a copy of it to “spoof@paypal.com”, and if the spam appears to be from eBay, you can send a copy of it to spoof@ebay.com. JavaWoman has a great page on her website with lots of addresses to which you can report phishing and domain spoofing, at http://banspam.javawoman.com/report3/scam3.html If it is your company which has been spoofed, you should immediately speak with your attorney about filing a trademark infringement lawsuit. Trademark infringement has been used very successfuly in recent times to stop spammers dead in their tracks - usually you can get an injunction within 24-48 hours of filing a trademark infringement lawsuit, and trademark law also allows you to hold anyone who is facilitating the phishing attack legally accountable as well. This means it is very easy to get the ISPs, any affiliate programs, and anyone else who is involved, to tell you which of their customers are involved in the scam. So be you recipient or the infringed, grab hold of your phish and say “we’re not going to take it anymore!” Kissy kissy, Aunty Spam
Dear Aunty Spam,
Previous Article « Mind Gold: We Create Spam for You…er…You Send Spam for Us..er..You Pay Us…Argh! I’m So Confused!
Read Next Article » Aunty Spam: How to Ensure That the Email You Send Actually Gets Delivered
|
|
Email the link for this page to a friend! |
Read more:
» Hometown Favorites - Would You Like Phish with Your Candy?
» U.S. Phisher Implicated in Global Phish Netting
» This List Tells You Who Is Advertising in Spam
For additional similar stories check out our archives on Everything Else
Comment by ema — 7/26/2004 @ 4:58 am
Comment by hung — 7/27/2004 @ 11:34 pm
next to the comment )
Comment Title
Your Name:
Email Address: Make Public?
Comment by Anonymous — 7/28/2004 @ 2:29 pm
fghfhfgh
Comment by heocon — 8/1/2004 @ 7:28 am
I was wondering if anyone has any response about the website Hits4Pay which promises to pay you $.02 for every ad you read. What made me suspicious was that in one screen they asked for my birthday, and later said that it was a requirement for me to fill out a
W-9 form in order for them to send my check. I realized part way through the W-9, that they would then have all pertinent data to poach my identity. Needless to say, I’ve withdrawn from the program. I felt really uncomfortable.
Comment by Deirdre — 3/28/2007 @ 6:16 am