My New Years resolution is to get back on track with this column.  Since I just received a Phishing Scam in my e-mail, I figured this would be a perfect subject for my first column of 2006.

For those who have not heard, phishing is an illegal attempt to obtain your personal information by a carefully crafted e-mail message that looks legitimate.  In my case, it was an e-mail that was purportedly from Chase bank.  Since Chase has been actively purchasing credit accounts everyone, I do happen to have a Chase card.  So, it’s plausible.  The e-mail told me that my bill and pay services would be terminated if I did not go to their website and verify my credentials.  The email is shown below:

 Dear Chase Bank Client, 
   
    This is your official notification from Chase Bank that the service(s) listed below will be deactivated and deleted if not renewed immediately. Previous notifications have been sent to the Billing Contact assigned to this account.
    As the Primary Contact you must renew the service(s)listed below or it will be deactivated and deleted.
        Renew Now your Chase Bank Bill Pay and Services.

    If you are not enrolled at Web Banking, please enter your SSN as Username, and account number as Password.
   
        SERVICE : Chase Bank with Bill Pay.      EXPIRATION : January 7, 2006 
        
   Thank you!
  
   Sincerely,
   Tricia Doyle , Customer Service

 If your received this notice and you are not authorized service holder, please be aware that it is in.

Just to see the where the rabbit hole went, I clicked on it (risky, but I make my living with this stuff).  I clicked on the link and it opened up a web page that was very official looking.  If I had not been a little wiser, I would have probably filled in my information and fell for it.  However, now that I had the webpage up, I decided to keep following the rabbit.  The biggest difference between this web page and the normal web page is that instead of going to their website URL (https://www.chase.com/cm/login), it went to an IP address (http://168.187.119.165/secure/chase/SSL/login.htm).  This is an obvious indicator that this is a scam as legitimate sites will not use an IP address but will always use a named address.

Now that I had the IP address of the website, I used an internet tool to find out where this led to.  It was curious to note that the IP address of this working scam site was located in Kuwait and was registered to the Ministry of Communations.  While it is doubtful that this IP address belongs to the actual Kuwait Ministry of Communications, it is possible that they have been hacked.

Speaking of hacked, I decided to find out where the e-mail originated from.  The origination was an address registered to IDAHO TECHNOLOGY INC in Salt Lake City, Utah.  While it is possible that this was a legitimate source of the e-mail, it was more than likely a computer that had been hacked.

So, now that I have all this information about this scam, what should I do with it.  Unfortunately, the answer is nothing!  While some non-profit groups have been setup to appear to work on these scams, there is no central authority that actively takes reports on these scams and takes actions to have them shut down.  In this case, I will be sending a report to Chase to let them know the latest fraud attempt on their bank and hopefully they will take the action to have the website shut down.  Normally, the average citizen should simply just delete the e-mail and never go through this much trouble.

What can be done?  Well, in the perfect world the FBI would be tracking this type of activity and immediately get these sites shut down to reduce the amount of money flowing into the criminal or terrorist network.  Unfortunately, we need our legislators to become informed on the dangers of these activities and the lack of effort to stop the crime before it happens.  In the meantime, we simply must all share the information with our family and friends to help educate them on the dangers.