Fishing or Phishing?

(Published on 5 September 2006 in 'Women at Work' - W @ W - a supplement of the Daily Mirror, Colombo, Sri Lanka)

I often walk into the public library… it’s always a good place to check out who is working hard and could be potential competition. There are so many who aspire to be Miss Know Alls…

Much to my surprise I bumped into a friend who teaches nine year olds at the local convent. What was even more surprising was when asked what she was doing at the library she said she was preparing for the next day’s class. Preparing to teach nine year olds? How much of a preparation would you need for that? On enquiring I learnt that the previous week she was taken to task by a student’s parent for cutting marks in a spelling test. The child had written ‘phishing’ – instead of fishing. The parent a computer engineer had given my friend an entire book on phishing – and the subtracted marks were duly added to the mark sheet.

In computing, phishing is an illegal activity where in fraudulent techniques are used to acquire sensitive information, such as passwords and credit card details. People who indulge in phishing are called phishers. These swindlers attempt to get confidential information by concealing their true identity and pretending to be a trustworthy person or business. Phishing is most often carried out using email or an instant message. More recent phishing attempts have targeted the customers of banks and online payment services. Typically, a phishing attempt would be disguised as an official email from a bank, and would attempt to trick the bank's members into giving away their account information.

Most methods of phishing use some form of technical deception designed to make a link in an email appear to belong to an organisation. Misspelled URLs are common tricks. Some phishing scams use JavaScript commands in order to alter the address bar. The damage caused by phishing ranges from loss of online access to financial loss. Unsuspecting people often divulge personal information with ease, including credit card numbers; I-card numbers, and address details. Once this information is acquired, the phishers may use a person's details to create fake accounts in a victim's name or even prevent victims from accessing their own accounts

These days legitimate email messages from organisations to their clients will contain an item of information that is confidential. Emails from banks and credit card companies will often include partial account numbers. One should always be suspicious if the message does not contain some personal information.

I left the library feeling sympathetic towards my friend. She sat with a list of all the words she was to give in the spelling test the next day… checking out all possible valid ways of spelling each word. “Don’t give the student an ‘F’ in his report card when he fails,” I advised. “Just give him a ‘PH’!!!!!!!”

Miss Know-All
wow@dailymirror.wnl.lk