Phishing, the Online Confidence Scam

There have been numerous proposals for ways to prevent phishing scams. Suggestions ranging from EV certificatesto new specialized top-level domains seem to imply that the end ofphishing would be brought about through their implementation.Unfortunately, this isn’t likely to be the case.

Let’s look at a phishing scam for what it really is – an onlineversion of the classic confidence scam. The reason it’s called aconfidence scam is that the perpetrator has to gain the confidence oftheir intended victim in order to reap the rewards. Some of these scamsare so thinly veiled that only the extremely gullible will fall victimwhile others are so elaborately played that even some of the mostcautious individuals are fooled. The same goes for the online version.

Some phishing attacks are so poorly crafted (I’m sure most companiesdon’t misspell their own names) that many of us wonder how anyone couldfall for them. Others can be so elaborate that an employee of thecompany being spoofed might have trouble identifying it as a scam.

While the proposed solutions will add a layer of trust to help moresophisticated users identify legitimate websites they probably won’thelp many average and novice users. To further complicate matters, someof the proposals preclude smaller banks and businesses that may beunable to implement them. These solutions will help to an extent, butthere is unlikely to be a single panacea.