Phishing

We're all so paranoid about phishing, but it seems like we only really care about banking. I wonder, if the banking industry ever gets its game on, if identity thieves will start going after other sites.

Like LinkedIn. I've been playing with it lately (more on my observations later), and it sends out HTML email to your new contacts inviting them to link to you. If you receive one, and it was sent to a different address than the ones you've already provided, it lets you log in and register that address.

It would be pretty trivial to phish that login. At the least, I bet most people don't have a unique password there, and it would certainly let you start to build up a network of relationships - and if you're trying to get people to read your fraudulent email, it's all about getting them to trust the putative sender of a piece of email.

It's a lot of work to go after something like LinkedIn, or Evite, and I wouldn't expect to see it happen any time soon. But I really thought about it when my father-in-law called me this morning to verify that I had, in fact, generated the LinkedIn email he hadn't yet opened. Maybe we all need to be a bit more paranoid.