Don't Blame Microsoft, Google, Et Al For Success Of Phishing Attacks
The attacks resulted in compromised customer accounts. And discoveries by the BBC and other media organizations of lists of thousands of compromised Webmail users' accounts floating online, and the possibility of even more that have not yet been discovered, raise concerns about the security of those Webmail systems.
A common response from the Web-based e-mail service providers that the problems caused by the successful phishing attacks are caused by users not being careful about protecting their data at first glance can perhaps be read as being arrogant, as passing the buck, even as even a bit snarky.
However, the Webmail providers are right.
Phishing attacks are successful, not because some clever scammer had access to incredible hacking technology that tore the security lid off well-protected email systems and conscientious users.
Instead, they are successful because some unconscientious users tore the lid off well-protected e-mail systems for the clever and less-than-clever scammers.
Phishing depends on a user providing information: a password, an account name, a social security number, anything that might allow an unauthorized person to hijack someone else's identity.
The scammer poses as a friend, as a bank, as a legitimate business, as someone or some entity that can gain the trust of a legitimate user.
It is up to the user to stop the attack. He or she has to know a couple of simple things:
Banks do not send e-mails asking for account information.
EBay or PayPal don't send e-mails asking for account information.
A legitimate business does not send an e-mail with live links that look like a random jumble of letters and numbers when one moves the cursor over them.
It's all been said before. And it's often been ignored.
So when, in response to the Hotmail phishing attack, Microsoft writes, "As part of that investigation, we determined that this was not a breach of internal Microsoft data," and Google writes, "this was not a Gmail security breach," they are not being snarky.
They are being kind.
Perhaps a better way to word their response would be, "Come on, people, get with the program."