Last year, I did some research on the prevalence of identify theft and the difficulty victims faced in recovering their lives. I learned a couple of things. One, an identity can be stolen in a millisecond, and it can take years to get it all back. Two, criminals are quite creative with the methods they use to filch identities. They use everything from spyware and worms to monitor keystrokes and steal passwords to the occasional dumpster dive for discarded credit card receipts. Yet, despite all of these methods, I never came across a mention of phishing as a potential source.
Identity theft reached critical mass in the public consciousness over the past few years, culminating in a fusillade of comical Citibank commercials that made it common knowledge, if not something of a joke (theres a whole side thread here about whether or not Citibanks ad campaign could backfire, with people instead having warm, humorous thoughts whenever they think of identity theft).
Phishings rise to recognition, on the other hand, has been nothing short of meteoric. As recently as last January, it was a term virtually unknown to anyone except geeks and security experts. Now you have, Id reckon, a 50-50 chance of getting a correct answer if you walk up to someone on the street and ask if theyve ever been phished, or (if you want to help them a bit) if theyve ever received a phishing e-mail.
But whats more fascinating and frightening about phishing is that its now become the identity theft ploy you opt into. For those unfamiliar with opt-in, its what you do when a Web site page asks during, say, a commerce transaction, if you want to receive its weekly e-mail newsletter featuring great deals. If you check “yes,” youve opted in.
To read the rest of the article, click here.
Be sure to add our eWEEK.com enterprise applications news feed to your RSS newsreader or My Yahoo page