The world's most poisonous phish

  • Story Highlights
  • CNN tech columnist Chris Pirillo explains the crime of "phishing"
  • Phishers convince you to give up personal information online
  • Phishers use official-looking emails from banking institutions, government agencies
  • Pirillo recommends upgrading your Internet browser to protect your computer
By Chris Pirillo

(CNN) -- Remember how hard an honest mugger had to work for a living wage back during the pre-Internet holiday shopping season?

A self-admitted tech geek, Chris Pirillo is president of, a blogging network.

One imagines poor Joe the Scofflaw bundling up against the savagery of a harsh winter (with a ski mask and fingerless gloves, natch), nose hairs stiffening like tiny icepicks in his nostrils as he sizes up the parking lot foot traffic for evidence of a fat wallet to plunder.

When he finds an easy mark, there's the awkward business of approaching, intimidating, threatening, physically confronting (only if absolutely necessary!), retrieving the prize, and evading pursuit -- it's all enough to run the breath right out of someone!

And what if said prize is more like a free scratch lottery ticket instead of the bounty promised to (and rightfully expected by) all hard workers of the world?

Well, then it's back to the cold and back to the hunt in hopes for better luck next time.

Nowadays, Joe's washed his hands and turned in his working-class blue collar for the white collar of the hoity toity professional. He's gotten savvy to technological advances that have, in the past few years, allowed him to telecommute.

His business, at its heart, remains the same: Joe steals from people who don't hold onto their wallets or purses or treasure chests quite firmly enough.

But without the need to brave the unforgiving elements as in the past, Joe dons distance now instead of a ski mask. He doesn't even have to be (and actually prefers not to be) in the same country as his victims.

Joe is a phisher.

No, this doesn't mean he follows the band Phish around the country in a VW bus (though he technically could while working from his laptop and various hotspots, but let's not complicate things).

There's an interesting explanation of the origin of the term "phishing" at the Web site for the Anti-Phishing Working Group and it seems to have nothing to do with hippies. Good to know.

Joe spends his day sending out thousands of emails to people all over the world. He'd merely be a spammer if the intention of these emails were to entice people to buy, say, iPod knockoffs from China or herbal remedies promising overnight enlargement of earlobe size in people who were insecure about that sort of thing.

But phishing is more akin to spotting a likely mark as Joe did in his grungier mugging days.

Phishing is generally designed to trick people into giving up personal information (passwords, social security numbers, credit card details, addresses, etc.) -- most commonly for the purpose of identity theft.

He does this by using official-looking (but completely bogus) "correspondence" from banking institutions, ISPs, government agencies (such as the IRS), online merchants -- you name it -- which may simply come right out and ask for this personal information.

In a more subtle twist, this email might direct the victim to an equally legitimate-looking Web site that serves to round up the same information from someone who might otherwise be more cautious about giving that information away.

"Hey, I know better than to answer random emails with compromising info," the semi-wise phishing target might say, "but this helpful link takes me right to my bank's Web site. I'll see what they want from me there."

We're all phish bait, so never take anything you get in your inbox at phace -- er... sorry -- face value. No matter how official it may look.

Here are a few tips that might help keep your presents under your own tree this Christmas:

1. Don't click on links in email, ever. Go to the Web site of the alleged inquiring party directly (type the URL into your browser or find it through Google) -- especially if it seems like a notice from your bank, eBay, or PayPal.

2. Start using OpenDNS. It's a great, free service that offers extra phishing protection for your entire home network without the need to install anything.

3. Upgrade your Web browser now. If you're still using Internet Explorer 6, you'd be better off not surfing the Web at all. If you're using Internet Explorer 7, I'd strongly recommend updating to IE 8 or switching to Firefox 3.0 instead. There are far more exploits in the wild for IE compared to Firefox.

4. Don't install anything until you've run it past a geek first. Same holds true for snakey emails. I always appreciate when my wife double checks with me before doing anything, although she's really good at detecting scams outright.

5. Verify the return address is a valid one. is obviously not valid, though more legitimate-looking addresses can be spoofed as well; it's just another thing to double check. As for links within the email -- I can't stress this enough -- don't click them!

6. If you didn't initiate a transaction to which an email is referring, it's likely a scam.

7. Don't send people money, ever -- doesn't matter how "dire" their situation is. I've been taken by people I trusted before, so... just don't send people money. Tell your parents and grandparents not to do this, too -- please? Internet fraud is huge.

8. Avoid buying cameras and normally pricey gadgets from anywhere other than trusted retailers. Seriously, if a deal sounds too good to be true, it is. Absolutely. 1000000% fake.

Or, you know. Ignore all of this advice and click on everything and answer any question asked of you over the Internet. After all, Joe's got a belly to feed, too.
