Opinion: A phishing scam that targets would-be hurricane donors is a disgrace. It makes me want to pull the plug on my server before I lose all my faith.
I really shouldnt let the Internet get to me like this. But, right now I am ready to shut down my server and go live on an island someplace. Of course, Ill take a satellite phone and my radio gearIm disenchanted, but Im not stupid.
I dont know about you, but Im about ready to take a big stick to the various "fathers of the Internet" for having done such a lousy job. The Internet has gone from being a child of endless promise and grown into a teenager that needs to sit in "juvey jail" until it grows up. Maybe the Internet fathers are ashamed of their child.
Before I drag you in further, I should say Im talking about the "best" or "worst" and certainly the most despicable phishing scheme
Today, my Ziff Davis address (a tip-off) received two identical messages almost simultaneously. The graphics are familiar. All the words are spelled right. The mail includes links to real places on real sites.
The message claimed to be from email@example.com and says "to reduce donor wait times caused by high volume, the American Red Cross has partnered with Microsoft and MSN to help handle donation processing."
Having once had my own address at usa.redcross.org I recognized the e-mail domain as legit. I bet "help" is actually a legit user account; at least it doesnt immediately bounce. Of course, anyone can spoof any address.
I rolled my cursor over the "Click now to donate" link and noticed that the URL went to an address beginning "adsl," indicating a DSL connection and enough for me to conclude the message wasnt legit. My heart sank a bit.
Its almost like I wanted to believe this message was real, if only because Id like to salvage some faith in humanity on the Internet. I wanted to believe that my occasionally inept friends at the Red Cross and Microsoft had just zigged when they should have zagged. That the world wasnt such a bad place.
So I opened the full mail header, showing the path the message took to reach me.
Heres part of what I found:
Received: from 18.104.22.168 (unknown [22.214.171.124]) by mail47-res.bigfish.com (Postfix) with SMTP id 54BE66ABFA7 for ; Thu, 29 Sep 2005 23:33:09 +0000 (UTC)
Received: from 126.96.36.199 by ; Fri, 30 Sep 2005 01:27:03 +0100
Received from "unknown," huh? A bogus Yahoo mail address as a message ID?
Security watchdogs take on cyber-looters and their schemes to bilk hurricane donors. Click here to read more.
Now I wont say my worst fears had been proven true. I am way too cynical for that. But, I wanted to believe that maybe I didnt live in a world where people steal from homeless hurricane victims. That maybe they wouldnt do it by making fools of well-intentioned people trying to help those in need. That people smart enough to create such a scheme could get rich the honest way. All the good work the Internet does shouldnt be sullied by e-mails like this.
Theres nothing I can do about this. This was probably a hit-and-run attack, the tracks gone even before all the e-mail had been received. Ive forwarded the e-mail to a friend at MSN and to another at the Red Cross. I know the two organizations have been working together and want to make sure they see what people known in polite company merely as "the scum of the earth" have been up to. Actually, I think they give scum a bad name.
There is no moral to this story. No happy ending. The Internet can be a very bad place and there are people in the world who have no shame and no wish to participate in civil society.
These people are worse than mere thieves because they penalize people for acting on their best instinctssomething of which the world needs an unlimited supply. I can imagine no punishment that would be inappropriate for these criminals actions. They dont just steal our money, they steal our faith.
Contributing editor David Coursey has spent two decades writing about hardware, software and communications for business customers. He can be reached at firstname.lastname@example.org.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.