Lisa Minter quoted a newspaper article:
> But just as I was about to click that button, a doubt bubbled up from
> the depths of my digital credulity. Could the whole thing be a scam?
> Was I about to download and install a Trojan horse, backdoor program,
> or worm? ...
> [TELECOM Digest Editor's Note: I wonder if most netizens realize the
> serious way in which phishing has proliferated. I must get a dozen or
> more of these daily in my account here at massis.
Many companies I deal with want me to use the 'net to access my bills
or account on-line. Doing so obviously saves them money from having a
real person answer my questions over the phone.
I guess I'm a Luddite, but I shy away from using e-mail or the
Internet for personal business transactions. I feel there aren't
enough protections -- both technical and legal -- to protect consumers.
First, often the Internet does NOT answer questions I have. Sending
emails to a company is often a failure -- either they never answer or
don't answer the question properly (often they refer you back to the
'net page, but if the info was there in the first place I wouldn't
need to ask). Even big companies forget to update their web pages
with the latest information. Other companies change terms and
offerings so rapidly and make them so complex a person is needed to
sort it all out.
Secondly, email is notoriously unreliable. Servers break down and
messages in transit are lost. Messages are accidently deleted along
with the spam. Lastly is the security problem -- emails are easily
forged.
It has long been against the law to use the US Mail for fraud,
and I presume there are still U.S. Postal Inspectors who
investigate and prosecute violations. But does anyone really
know the law as it stands with fraud done by email? Who is
responsible for enforcement and prosecution? My guess is only
the most blatant and biggest violators are prosecuted (and not
necessarily thrown in prison as they deserve) while the vast
majority go unscathed. "Spam" is not just a nuisance, it is
fraud and a host of other law violations, but nothing seems to
be done.
The fact that Congress can't pass an enforceable anti-spam law means
to me the whole email system is just not safe. Too many legal
loopholes, too little enforcement, too many criminals.
The Internet is based upon protocols never intended or designed for
use in public commerce. Remember the 'net was developed as a private
link between users of a very small community and designed to share
information. As such, there was little need for protection since
there was little to be gained by fraud. That became obsolete the
minute the 'net became public. So today we have people at home
hooking their PCs up to broadband networks, blissfully unaware that
criminals are hacking into their PCs searching for weaknesses to
exploit. The network protocols should never permit this kind of
random searching in the first place.
A growing problem with using the 'net is its high powered automation.
When I had my 286 DOS machine, I knew what it was doing because
(normally) only I could start up a program. (Obviously if I took
someone else's program I was at risk). Email attachments back then
didn't automatically start up macros in applications. But today
everything is so automated and fancy most users have no idea what's
going on in their machine. Hard drives spin along, things open and
close on their own. Things intended to be a shortcut and easy for us
make it easier for saboteurs to screw up our machines.
(Shouldn't we call viruses "sabotage"? The word "virus" makes it
sound like it came from mother nature, not an intentional effort to
harm.)
The technocrats out there are partly to blame. They never can sit
still long enough to let a software release settle in before demanding
new features. This constant revisions allows bugs and fraud to creep
in. Stable functionality would get sturdier over time.
[TELECOM Digest Editor's Note: If I understand the law correctly, if
you make a false/fraudulent communication by _any_ means -- email, or
web site, or telephone, etc -- in an effort to induce someone
else to deposit something in the US Mail, then you have committed
postal fraud. Example: you apply for a credit card using a web site or
email in someone else's name and with their credentials; this in turn
induces the credit card company to send you a card in the postal mail,
then it is as good as if you had originally corresponded by mail, you
still committed postal fraud. Or maybe at some point they send you a
bill or a notice in the US mail. In other words, _they_ would not have
used the US Mail had _you_ not encouraged them to do so. PAT]