Fergus Cassidy

Gone phishin'

APPARENTLY the word first appeared in the mid-1990s. A sure sign that US crackers first used the term is its spelling.

Phishing is an attempt to lure some unsuspecting poor souls to reveal their passwords or credit card number using trickery. The bait usually comes in the form of an email or website dressed up to look like the real thing.

The last phish I received was from some scumbag trying to impersonate PayPal, the online money transfer company. The usual: my personal details 'needed' to be updated as soon as possible. To tell you the truth it was damn good. The addresses in the email were consistent and the website was visually indistinguishable from the real thing. As I don't have an account with PayPal, the phisher's bait stank.

Catching the people who set up these scams is almost impossible. They're the first cousins of spammers, who are still shovelling away to their hearts content. They are all part of the same species, Homo Chancus Armus, which has been at this carry on long before the net ever appeared. They're evolving though and adaptation is written on their coat of arms.

Most new technologys take a while before the 'nuts and bolts' disappear into the background and become much easier to work with and use. Eventually that will happen with a lot of the software used for email and web browsing. In the meantime, common sense still kills 99.9% of all known household germs.

Don't respond to any emails asking for personal details. If there's a remote possibility that there is a genuine problem (and it's urgent), pick up the phone and do a bit of fishing yourself.

I went on my own fishing expedition in the last few weeks. I was doing some trawling around looking for something I knew precious little about to begin with, when I stumbled across a site which raised my right eyebrow. (As my baited hook is still in the water, I'm still hopeful of a bite so excuse me skimping on the details.)

The person(s) behind the site claims to be building a new web browser from scratch and is looking for investors. The frequently asked questions page includes: "Q. Is this the usual way that browser software gets financed? A. For software developers outside the Silicon Valley radar, it's a question of raising funds however, wherever you can!"

Indeed.

"Q. Why on earth wouldn't you want to invest?" A. Whether you're investing 100, 1000 or the full 250,000 [I've omitted the currency] we need, this is a golden opportunity to participate and take part in Internet history".

Pity. If only that letter I received recently informing me I had been chosen to claim a huge cash prize had been true.

At first glance, the website might be genuine but a second opinion from Dr Google is always worth pursuing. The search engine threw up very few results, which was strange. Something like a new browser would be difficult to keep under wraps. Insider gossip and rumour is as valuable online as it is off.

I then went to the nearest thing the web has to a Companies Office. Known as the WHOIS registry, the database is supposed to provide correct and up-to-date information on who owns, or is responsible for, every web address. Whether in use or not.

This database can be checked at any time by anybody who wants to and is supposed to list the domain name registrar, the owner's name, home and email address.

It was originally sent up to deal with technical problems on the fledgling internet (if a server was down for example). But the WHOIS database has lately come under the spotlight and a row is brewing over the role of the WHOIS and its accuracy.

I can confirm the decline in accuracy. There were no details whatsoever about my increasingly suspicious site, save for a three-letter company name. A search in that country's companies registration office for that name turned up nothing.

So at that point, I declined to invest in this "golden opportunity" and instead cast out my own hook baited with the possibility of interest in investing. A month later and not a nibble but I'm hopeful.

Which is more than I can say for the official taskforce currently charged with reforming the WHOIS procedure. There are huge vested interests (hello marketeers) who will not give up their ability to download the raw database and make use of it as they want. There is also the major issue of privacy, especially regarding individual owners of websites.

For my own part, I feel it's reasonable, useful and practical to distinguish one type of website from others. If a company is selling or offering a product or service of any description, then there should be full and correct information available online about that company.

Any Irish company submitting outdated or falsified details to the Companies Registration Office would soon get its collar felt. Why should online be any different?

The WHOIS database which stores information on Irish registered sites (.ie) only shows the name of the company and a person. There is no address, phone number or email contact. Yet the Companies Office online database provides all that plus details on the directors and financial statements. Changing that discrepancy would be a good place to start.

Then again, maybe when it comes to accessing online information on companies and businesses, the small fry don't matter that much.