Screaming Penguin

Some scam spam is pretty official looking. "Update your PayPal account now or risk cancellation" and so on. Many people fall victim to these type social engineering attacks and provide all sorts of personal information to the scammers. The official looking email social engineering attack is known as "phishing". Recently a scam artist was arrested for and pleaded guilty to a major phishing operation. The FTC is "cracking down" on this activity. MINI-RANT. The real solution is of course for banks and credit providers to NOT be allowed to issue any credit or access to your finances without REAL AUTHENTICATION of some sort. In fact social security numbers should ALL BE PUBLISHED and PUBLIC RECORD. That is just an identification number, it should not also be used to authenticate that whomever is providing it is that person JUST BECAUSE they happen to know it. Knowing any SSN should still not enable anyone to steal anything (and the same goes for credit card and bank account numbers and maiden names and so on). Banks resist any real authentication for the most part, they write off the fraud and WANT credit and finance information to be as accessible as it is. When a PC user can buy a thumb print scanner for 99 bucks at CompUseless you would think the banks might be able to buy a few for authentication of people wanting thousands of dollars of credit? Well of course they can, but they DONT WANT TO. Its cheaper to just allow the fraud and write it off, and inconvenience the hell out of their customers, than to maintain any real security. Banks more and more are advertising how they protect us and its simply not true. The truth is that actual authentication through any number of means could be achieved but banks dont want it (any bio method, encryption keys, hell even a personal PIN number for credit cards and bank accounts and not just ATM cards). Anyway. For more on the recent bust see the linked cnn article.