Related Register article: http://www.theregister.co.uk/content/55/33598.html

It seems so far we have Halifax, Nationwide and Citibank on the list...

The following is an extract from an article I wrote a couple of months ago for a technical journal:

Certainly, the least publicised but most insidious example involving security that has been perpetrated is one of “fishing”. This has deprived a company of a large sum of money. How does it work? In order to protect the identity of the companies concerned, I’ll lay down a scenario with entirely fictitious names.

Dramatis personae:
• Joe Bloggs Manufacturing Company Inc: a large company somewhere in the US Midwest
• James Smith: chief accountant for the JBMC, a slightly overweight person having worked his way up from a simple clerk, over 30 years’ service. He is solid, reliable, methodical, unimaginative and a very dull person, but he knows the company’s business inside out.
• First International Midwest Bank: a large financial institution used by JBMC for its 120 years of existence
• John Doe: an Internet crook.

The First International Midwest Bank has, as most such institutions, a website offering the usual services with the URL of http://www.fimwbank.com. By negligence, it has not secured all possible domains with a similar name.

John Doe registers the domain www.fimwbank.net in his own name and address, which one could imagine are both fictitious. He sets up a website, using this domain, copying much of the bank’s own website. He adds to this a questionnaire with a large number of questions, mostly innocent but, hidden amongst them are some more doubtful ones that we will look at in a minute.

Using the fimwbank.net domain, John Doe sends James Smith an e-mail worded as follows:
“The First International Midwest Bank is conducting a survey of its major customers, to ensure that its operating records are totally up-to-date. This will enable us to ensure that you have the best personal service of any bank in the USA. You will find a simple questionnaire on the secure site https:// www.fimwbank.net/servicesurvey.asp. We request that you fill this out and submit it at your convenience.

Harry Jones
Vice-president, Major Account Counsellor”

Of course, the signature and title are those of the appropriate bank officer.

James Smith, perhaps a little naively, opens up the website page and notes that the little padlock on his browser is closed, showing that the site is secure. He starts filling out the form with the name and address of the company, telephone number and so on. This is followed by a section of each of the accounts which the bank holds on behalf of the company. He then gives the names of the executive directors, their functions, private addresses, telephone numbers and the number of their company credit cards issued by the Bank, along with a couple of pages of other, anodyne, questions. The rest you can imagine! James Smith unsuspectingly submits the questionnaire and the damage is done. John Doe immediately goes on a beautiful spending spree over the Internet, with the information that he has learnt and it is not until a few days later that the credit card company questions the unusual spending of the executives, but the damage has been done and the credit card company will take no responsibility because the causal fault was within the JBMC.

This technique is called "fishing". There are many ways of doing it and the fictitious example which I have given, based on a real case, cost the company in question a sum well into six figures. In reality, there are many other practices that the unscrupulous use to “fish” on the Internet. For example, one may be asked to register to visit a website; in most cases, this is quite innocent, although I detest doing it. If any of the questions that I am asked are indiscreet and beyond what would normally be necessary under the circumstances, then I baulk. However, I have been known to give a false name and address, such as MickeyMouse@Disney.com, if I do not expect a communication from the company! It should be pointed out that it is not necessarily for financial gain that many companies "fish". It could be for targeting e-mails and spam to the most appropriate places. It should be needless to say that one never gives credit card details over the Internet, except to known companies with secure sites that can be trusted. I can also give you a little tip: if your credit card company does not offer you fraud protection on Internet transactions, then obtain a second credit card account with a small limit, such as a few hundred pounds or dollars, so that if you meet a John Doe or similar, then the losses cannot amount to much. Remember that spyware may transmit your credit card number in clear to a third party, as you type it on a secure site (although this should never happen if you have followed my discourses on security)! I’m given to understand that some “free” pornographic sites ask for credit card numbers in lieu of proof of age; if this is so, then they may be less free than the surfer might hope for.

What exactly do you have against overweight people you racist ?
Next you'll blame all overweight people for every trouble in the world ?

I hope they don't switch my off. Very useful saves me a lot of trips into too town.

I presume this is why more and more companies are insisting that you have items delivered to your own address.

Natwest as well: http://www.theregister.co.uk/content/55/33582.html

First of all, you're being a little defensive, and overreacting.

Second, even if he said "overweight people should be shot," that <I>still</I> would not be a racist remark.

Wombat: I think TX was (A) trying to be humorous but forgot the smilie and/or (B) trolling.

I think X has been taking sarcasim lessons from Gurm.

Yeah, he's not a racist.... He's a weightist He is Probably also a phatiphobe...

Jeff

A Weightist !

Lets get X. I ring up rent a mob.

good one

It's just strange that the only gullible person happens also to be the only person with physical characteristics and personality traits.

Overweight goes with naive, dull and unimaginitive.
Quite nice I'd say.

Let me guess, the criminal is smart, so obviously, he doesn't have any physical problem, he's very imaginitive and has a very interesting personality.

I didn't put the smilie because I really didn't like it. There was a hidden suggestion saying fat people are dull and stupid while smart imaginitive people are probably thin.

No, I don't have a weight problem, but one of my best friends does have. It's a medical problem that kind of ruins a lot for him in life. He also happens to be a very very smart and imaginitive person.
I guess that if Mr. Ellis would have seen him he'd be quickly stereotyped as a stupid fatty. Isn't that wonderfull ?

Lately it's very non-PC to talk about religion, race or whatever but humiliating and stereotyping fat people is ok. Who's next ?

You're getting lamer and lamer at your attempts to pick on Brian to satisfy your personal vendetta

Vendetta for what exactly ?

I just enjoy reminding some people a little something called "Judge not yest ye be judged yourself."