I received a very sophisticated piece of phishing spam this weekend (see image). “Bank of America” claimed that they were “unable to verify my account information” during routine maintenance. I just needed to click on a link within the email to update my records. The email had excellent English and formatting, as well as a Bank of America logo. I have plenty of other emails from my bank that don’t look quite as nice.
This might have worked if I were a Bank of America customer. However, since you couldn’t pay me to do business with Bank of America*, I was suspicious.

What impressed me the most was how the email avoided the common traps that security professionals warn you about. I wasn’t asked to reply with my password or SSN or mother’s maiden name. In fact, you’ll note that the email even warns me not to enter my password on any site without the SiteKey® logo! Phishers have grown more sophisticated, as they inevitably must. Countermeasures have arisen to protect against thieves, so thieves now devise counter-countermeasures. It’s a constant struggle.
The threat you’re expecting – a phisher asking you to email your password – may not be the threat you face in the next generation. I was thinking about this after reading a post on the Passive Voice blog about Barnes & Noble, erstwhile scourge of independent booksellers:
While Amazon is considered a disruptor company for many of the changes today – hated by independent book store owners and publishers, especially after they promoted their price-check app over the Christmas holidays, in the 80’s and 90’s Barnes and Noble was considered the “brutal capitalist” of booksellers. And its history is extremely interesting, considering what has been happening in the book world of late. Barnes and Noble was the first major bookseller to discount books, by selling The New York Times best-selling titles at 40% off the publishers’ list price. In the eighties they bought up chain book stores like B. Dalton, Doubleday Book Shops, and Bookstop. In 1998 they tried to purchase Ingram Book Group Inc., the largest book wholesaler in the United States but were unable to do so because of antitrust concerns. Supposedly one reason Waldenbooks and Borders opened so many stores was to keep up with Barnes and Noble’s superstores.
In 1998 Barnes & Noble got sued by the American Booksellers Association and 26 independent bookstores, who claimed that Barnes & Noble and Borders had violated antitrust laws by using their buying power to demand “illegal and secret” discounts from publishers. Then, in 2003, Barnes and Noble became the first bookseller to publish its own line after acquiring Sterling Publishing Co., the nation’s largest publisher of how-to books, competing side by side with Modern Library and Penguin Classics.
In the 80s and 90s, publishers and booksellers feared “big box” bookstores grinding out the mom & pop store on the corner. Now, in the 10s, those same forces want B&N to save them from Amazon. They’re rallying behind the big box, hoping that B&N doesn’t go the way of Borders, to prevent Amazon from slashing their margins.
I can’t blame them. Amazon has made no secret of gunning for the Big Six; obviously they’ll fire back. But IT professionals know that you don’t keep your desktop secure by protecting against last year’s threats. As soon as your adversary shows that they’ve adapted to your countermeasures, you need to respond proactively. If you don’t, you start hemorrhaging users at the fringes until your system is hollow on the inside.
If you want to follow my attempts to stay on the nimble edge of publishing, check out my debut novel, Too Close to Miss, and meet Mara Cunningham, whom readers call “flawed yet gutsy, smart [and] driven.” Download it from Amazon, Barnes & Noble or iTunes and start reading it within seconds.
If you want to send your friends a message that they’ll appreciate better than a password phishing email, please tell them what you thought of Too Close to Miss via Facebook, Twitter or old-fashioned word of mouth.
* A business model that might work better than the current one, where I have to pay them to do business with them.