Something Phish-y

Fighting phishing, the online scam that could leave you with a big hole in your pocket.

Surely the email from AT&T Worldnet was a scam: Something was wrong with my account, it said, and they wanted me to click on a link and give them my credit card number. Sounded like “phishing,” one of the newest mutations of Internet skullduggery.


What’s phishing? It’s “any email communication that looks legitimate, but its sole purpose is to defraud you of your account information and the money in your account,” according to Bill McCumber, cofounder of the Dallas info-security firm Privacy Inc.

Usually it’s an email purportedly from your bank, your Internet provider, or eBay. The line: A problem with your account requires you to confirm your Social Security number, bank account number, credit card information, or passwords. You’re asked to click on a link. Instead of the actual eBay, though, you’re delivered to a cleverly disguised mock site. The data you enter there is captured by scammers who use it to steal your identity, drain your accounts, or both.

McCumber says that 57 million people in the United States were on the receiving end of a phishing attempt within the past year. One day, email authentication — a protocol ensuring that emails actually come from where they say they come from — could kill phishing off. But that could take a while. In the meantime, there are some resources and commonsense rules that will help you avoid becoming a victim.

  • Spend a few minutes at the Web site, published by an email industry consortium, to check up on the latest permutations of the phishing epidemic.
  • Instead of clicking on a link in an email, retype the URL into your browser. That protects you from seemingly legitimate links that actually redirect you to bogus sites.
  • Internet provider Earthlink offers a downloadable toolbar ( available to all Internet users. It can alert you before you enter a known scammer’s Web site.

Oh, and that AT&T message I received? It was for real. But until I and others can know that for sure, the value of email will be compromised.