Phishing and Spoofing


Phishing is not to be confused with ‘fishing.’ There is no cast net, no baiting of the hook, and no minnow awaiting a large-mouth bass. But there are plenty of wireless fly rods out there. What do I mean? Specifically, an enterprising nerd or computer wizard of the binary-off generation can send you a disguised email representing a company you know and highly regard. The message may be duplicating a well-known logo in a misleading email suggesting you, the gullible, reply and update their files. They will frequently ask for a Social Security Number, credit card number, username and password, and/or your bank account number. Such data provides a license for identity theft. It goes on all the time. You read stories of months and months of futile effort to rectify credit reports done in by the virtual criminals. Frequently, the bait appears as an online financial intermediary asking for an update of personal information. In reality, takers just feed the ‘phisher’ valuable key information used to exploit the theft of the vulnerable victims’ identities.


Another popular indoor sport for some phisherman is spoofing. The digital sportsmen are hacking wireless cellular networks. First, the angler finds a cellular telephone with voice mail. Second, the piscator spoofs the cellular phone number, fooling the cellular network into authorizing access to the cellular telephone’s features. Third, the woesome whaler harvests the data and voicemail stored in the victim’s account. Data can include voicemail, user identification information, address books, photos, and passwords.


How do they do it? Spoofing is easier and simpler than compromising most computer networks. We will not publish specifically where to go to spoof caller identification information. However, accept as fact, that information appearing to identify a caller can be falsified. Some cellular providers allow users to turn off the requirement that passwords be entered when accessing services from the user’s handset. The cellular caster then calls a cell phone number whose password is not required by the user – an option popular among many callers. The happy harpooner then gains entry into the victim’s voice mail, can control the options available to users (both authorized and otherwise), and has reign over whatever data and information is stored therein. A celebrity such as Paris Hilton and all her friends in her address book know all about it.


Avoiding phishing and spoofing requires vigilance. Don’t supply usernames and passwords to anyone. Networks and providers already know your username and password. Change passwords regularly and use your cell phone pin number to access your voicemail every time no matter how busy you may be. These basic precautions will not stop the ever-advancing threats, but will provide a safety net. Be wary and be warned from your lighthouse attendant from on the bay.

Authors: Albert Lucas, B.A. Mathematics and W.F. “Casey” Ebsary, Jr.,