Wall Street Journal warns about phishing
One of the greatest banes of modern computing is the scourge of so-called phishing attacks. You know what I'm talking about: email that purports to come from Paypal, eBay, Wells Fargo, Bank of America, Chase Manhattan, or a raft of other sites, asking you to log in and correct or update some aspect of your personal record or account.
When you click on the link, however, you don't go to the real Web site, you go to an elaborate mockup, a different site that has all the right graphics and design (since it's easy to steal HTML code) but funnels your account and password directly into a nefarious hacker's database, for them to break into your real account and do as they like.
In this brave new world (yes, that's sarcasm) it's interesting to get the following email message from the Wall Street Journal Online, where I'm a paid subscriber...
Here's what I received:
Dear Wall Street Journal Online subscriber,
We would simply like to remind you that we do not sell Wall Street Journal Online subscriber information to third parties. If you have opted in to receive third-party offers from our advertisers, we may send email to you on their behalf, but it is sent from The Wall Street Journal Online or Dow Jones, not from the advertiser.
Also, we do not require that you respond directly to an email to keep your Online Journal subscription active. From time to time we may remind you to update your account information, but we will always direct you to make changes on the "My Account/Billing" page within your Online Journal account. In addition, you can always contact an Online Journal Customer Service representative to make changes or update your account information.
If you doubt the legitimacy of any Wall Street Journal Online email or if you have any questions, please contact us.
I appreciate that the WSJ is proactively warning me about phishing attempts, but since I've never received one purporting to be from the Journal, it's an interesting message nonetheless. If I was a hacker and could rip off eBay passwords, Paypal accounts or even a bank account, it's obvious the mischief I could wreak (or worse), but the Wall Street Journal?
What damage can someone do if they have my account and password? As far as I know, it would only let them also access the premium content on the site, not add additional services, wire money to a third party, or even post responses to major Journal articles.
Nonetheless, by having sent this message, it's clear that some of the Wall Street Journal Online team are concerned that phishing attempts are masquerading as messages from them. So, again, be wary, just like you should be from any message asking you to click on a link to log in to your account.
Posted by Dave Taylor at June 10, 2005 5:11 PM
Elsewhere in my Blogosphere
Latest Entries at
The Business Blog