Thursday, April 10

Phishing for change: Hye Rim gets hacked

"I am sorry I didn't inform you about my traveling to Africa", the email begins. It goes on to inform me that the sender is "really stranded in Nigeria because I forgot my little bag in the Taxi where my money, passport, documents and other valuable things were". Once the desperate situation is set up, including a bullying Hotel Management and your friend now starving because of lack of funds, the clincher comes. "Please can you help me with a sum of $2700 to sort out my problems here?"

While everyone's aware of the standard Nigerian money fraud scheme, it's rare that an entire email account can be hacked into, allowing a variation of this tactic to come from a good friend or colleague. But that's precisely what happened to Hye Rim Lee, the New Zealand-based artist who's recently had a flurry of group and solo shows in New York. Strangely enough, the scam email coincides with some of Hye Rim's recent activity: the Africa trip to "empower youth to fight AIDs" is not too far off some recent charitable shows.

Phishing, baiting a victim in the hope of "catching" financial info or passports, has become increasingly sophisticated in recent years. As the internet picked up mainstream use, amateur hackers could count on web neophytes to click on dubious links or open email attachments from strangers. With a heightened awareness of security, people are treating the greater web more like the street than their bedroom - no gifts from strangers. Very open social networks like MySpace are losing kids by the thousands to more exclusive, 'safer' platforms such as Facebook. The result? Phishers have to look like your friends, or the people you do business with, to reel users in. Last week I received a PayPal email (shown above), which I quickly learned was a phishing attack. The email address was extremely similar to the official one. The logo, the layout, and the colouring were identical to the legit version.

ASB Bank and Kiwi Bank have both been victims of fraudsters sending similar emails to their customers. In a famous attack several years ago, phishers set up a duplicate site for a major New Zealand bank, tricking customers into revealing their username and password. The phishers left the truly devastating part to the end: after they had obtained their catch, the user was simply given an error message and directed to the legit bank website, where the login 'worked' as usual. The result? No complaints, security crackdowns, or uproar. Just a steady string of lucrative bank account numbers.
