November 9, 2004
To whom it may concern,
In part because I have had one E-mail address for almost a decade now and because I promoted my business heavily a few years ago, I receive almost 400 E-Mail's each day. I also have several projects ongoing wherein I am tracking several types of those Emails; investigating some to see their source and if they have been shut down.
The purpose of this writing is to report problems that make it virtually impossible to dent the impact of two serious threats to computer users everywhere. I should add that, as a seasoned computer professional with 29 years of experience in PC services, if I am frustrated and seemingly unable to effect any effort to stop these threats despite very specific information passed to the proper parties, the average user may as well not even try.
Phishing or defrauding a user to reveal personal information for criminal purposes, has become enough of a problem that it commanded front page coverage in a recent edition of the Charlotte Observer; but, there is no easy way to report it to most companies.
Ebay and Paypal have a great model; forward the Email to spoof@ and you will receive a reply within minutes confirming the Email as phishing and giving specific instructions on what to do, including a toll free number to call if the user has already fallen for the scam.
Citibank, Wells Fargo, U.S. Bank, Sun Trust, and many others not only have no easily found place to report possible phishing; they further do not acknowledge receipt of reports when sent to the address found on their websites and, seemingly, take no action when phishing is reported.
I am not a proponent of government regulation; but, shouldn't the companies at greatest risk have some easy method to report and specific follow up?
Without such a method, phishers will continue to succeed.
Cyberterrorism takes many forms, with the most prevalent being the spread of computer viruses. Here, too, there is no common or simple way to report and, even when reported, no apparent action is taken.
In the last six days I have received twelve Emails containing viruses from the same source and; because they have been several different viruses, some which arrive multiple times, the correct conclusion is that someone using that address is releasing viruses as it is not characteristic of those viruses to do so.
The address is 18.104.22.168 and it is owned by Qwest Cybercenters in Denver, Colorado. On the third of November, I forwarded a copy of an infected Email to firstname.lastname@example.org which is the address given by a Whois lookup.
This morning, I received three more viruses from the same address. Apparently, nothing has been done.
If reporting a virus gets no action from the people responsible for allowing that computer access to the internet, how can we ever stop the spread of viruses?
Phishing has just evolved a new and deadlier method; using a keylogging trojan to capture login information entered when users think they are going to the same place they used to pay their bills, last month. Viruses continue to set new records for how fast they spread and how deadly their effects can be. If an expert cannot get the responsible parties to take any action, how can we ever win these battles?
It is time for a wake up call to the media, banks, credit card companies, law enforcement agencies, and legislators. If changes cannot be made within private channels; laws, unfortunately, need to be enacted. Without user friendly methods to report phishing and cyberterrorism, along with aggressive follow up by those responsible, it is just a matter of time before .....
If you have any questions or problems, please feel free to contact me by Email or by phone.
© Davis M McCarn 2004 All Rights Reserved