Editorial: Plenty phishers in the sea

So you get an email from someone you know well enough. It contains only a link to a website. It takes just an unthinking moment to click on it to find out what it is that your good buddy wants to show you. Open it and kapow. You'll soon be feeling like a dummy.

Three sorts of dummy, actually. The one in a dunce's hat. The one that has an unseen hand reaching through an unpleasant route deep into its innards. And potentially the one that's atop the bonfire of what used to be your identity and your finances.

Phishers, as not quite all of us know, are scammers who make contact with us under disguised identities to get useful information like our passwords or user names - and through that, our money.

After the latest attack, which seems to have particularly detonated at the weekend, thousands of New Zealanders have been slyly invited to allow malware into their systems.

And so it goes. Late last month Trade Me was targeted by phishers who sent mails asking users to click a link to - ahem - cancel the purchase of a barbecue that they had apparently unwittingly bought. This one was further proof, if proof were needed, that gone are the days when you could tell a scam from the jolly formality of bad Nigerian English and the cheap amateurism of the sites. The bogus Trade Me mail contained standard information you'd expect from an automated response. Let that serve as a reminder that, quite apart from making sure you are on the trademe.co.nz site and none other, you should never provide your user name or passwords by email, or enter information into forms within email messages.

The scale of the phishing problem, and scamming in general, can be a tad tricky to pin down.

Reports last August had the Norton company, purveyors of protective software, drumming up attention with the claim that cyber criminals stole more than $600 million from Kiwis during the previous year. Fair to say that not everybody regarded that figure as completely reliable.

The 2012 report from the Ministry of Consumer Affairs, dealing particularly with phishing, is rather less extravagant but still, in its way, a colon-clencher. The ministry dealt with 833 cases in 2011. The amount of stolen money was put at just $87,000. Far less upsetting. Providing none of that money was yours.

A pretty good overview comes from NetSafe, the website run in partnership with Government agencies, which recorded more than 1500 "cyber incident" reports on the Online Reporting Button (ORB) at theorb.org.nz, for a total of just about $1 million.

It would seem that the whiskery old "PC doctor" scam, in which some supposed IT wonk makes contact, often by phone, to say there's something wrong with your computer that they can fix for you, has been declining.

As for those trusting lonely hearts out there, we would not want to have your sorrows compounded so remember that some of the most significant losses recorded by Kiwis of late have been from romance and online dating scams.

Please make sure you don't have an easily predictable password like "password" or "123456" or "jesus" or the perfectly polite but imperfectly secure "welcome".

Remember, too, that banks never, ever contact you with a request that would, in your reply, disclose your PIN number or account password. Inland Revenue never makes contact because it's concerned about you not having claimed an entitlement. "We are not that generous," assured Minister Peter Dunne, after being sent a fake one himself.

The Southland Times