Corante

Home > Weblog Columns > Between Lawyers
CONTRIBUTORS

Denise Howell Denise Howell
( Profile | Archive )

Dennis M. Kennedy Dennis M. Kennedy
( Profile | Archive )

Tom Mighell Tom Mighell
( Profile | Archive )

Marty Schwimmer Marty Schwimmer
( Profile | Archive )

Ernest Svenson Ernest Svenson
( Profile | Archive )

Denise Howell is a seasoned appellate and intellectual property litigator based in Los Angeles. Denise writes one of the first and most popular law-related blogs, Bag and Baggage, coined the term "blawg" and helped pioneer podcasting for lawyers. Microcontent obsessed since 2001, she is frequently quoted in the media on legal issues involving intellectual property and technology law. "Sound Policy" is Denise's show at IT Conversations, and it's also what she hopes results from the briefs she submits to court. Email Denise at dhowell@gmail.com.

Dennis Kennedy is a computer lawyer and legal technology expert based in St. Louis, Missouri. An award-winning author, a frequent speaker and a widely-read blogger, he has more than 300 publications on legal, technology and Internet topics, many of which are collected in his e-books. Dennis has been described as someone who knows almost every rock song in existence and, more importantly, how they apply to technology and law. Email Dennis at his gmail address.

Tom Mighell is Senior Counsel and Litigation Technology Support Coordinator at Cowles & Thompson in Dallas. He has published the Internet Legal Research Weekly newsletter since 2000 and blogged about the Internet and legal technology at Inter Alia since August of 2002. With Tom's singing, Ernie on guitar and Dennis' encylopedic knowledge of rock music, we may have the beginnings of a good band, if this whole blog thing doesn't work out. Email Tom at tmighell@swbell.net.

Marty Schwimmer left a partnership in the largest trademark practice in the world and founded Schwimmer Mitchell, a full-service IP micro-boutique in Westchester County, New York, where he represents owners of famous and not yet famous trademarks. He founded The Trademark Blog, the first IP law blog and the one with the most pictures. He is the first to come in and the last to leave in his firm. Email Marty at marty@schwimmerlegal.com.

Ernest Svenson practices law with a mid-sized law firm in New Orleans, specializing in business-related lawsuits. Most of his practice takes place in federal court, especially the Eastern District. He is best known for his weblog Ernie the Attorney, which he started as an experiment. Like many experiments it got out of control. Nevertheless, he continues to practice law and, occasionally, to seek enlightenment. Email Ernest at esvenson@gmail.com.
About this blog
Between Lawyers provides just-in-time group commentary on the issues raised when technology, culture and the law intersect. We take you behind the firewalls and conference room doors to show you how experienced lawyers deal with these issues and help you prepare for the new challenges we all face. For more, see our introductory post.
In the Pipeline: Don't miss Derek Lowe's excellent commentary on drug discovery and the pharma industry in general at In the Pipeline

Between Lawyers

« Dennis Re Death Bytes | Main | Sherry Fowler on Legal Lies »

May 31, 2005

One Phish, Two Phish, E-mail or Phish - Keeping Up with the Latest Phishing Lures

Email This Entry

Posted by Dennis M. Kennedy

I can't believe all of the email I've been getting lately from eBay, PayPal, various banks and assorted other companies that appear to be sending me breathless warnings about problems with accounts that I never knew that I had.

Ah, welcome to the world of phishing, social engineering attacks at their finest. On our back channel email list for Between Lawyers last week, I sent a copy of an email purporting to be from Network Solutions that wanted me to update my information. I maintained that the email had at least four indicators that it was fake, but someone found a web resource that indicating that it wasn't fake or spoofed. That is, if we can trust that web resource. I still refuse to reply or click on any of the links in the email.

Why? There are too many of these emails that have bad intentions and can cause you harm. "Phishing" involves the use fo spoofed email addresses to make you believe that you have received a legitimate email requesting that you update information or visit a specific page. IF you do so, bad things happen.

Along with other great coverage of security issues, PC Magazine's Security Watch page and email newsletter does a nice job on highlight new phishing exploits and is a welcome resource on the subject.

All of this phishing makes me want to get out and do some real fishing, but it also makes me wonder if anyone else feels like email practices have returned to those of the early Internet email era, where you would send an email and then call the intended recipient to see if he or she had gotten the email.

I truly wonder whether any major company, especially a financial institution, can effectively use email to provide notices that require cutomer responses. I have several emails in my inbox from organizations at which I have accounts wanting me to update information or take other steps. I've decided that I need to call each of them (not using a number provided in the email) to see if the emails are legit and what I need to do. Next thing you know I'll be banking in person again.

Remember the days when email was something that we liked, not a threat vector.

Comments (2) + TrackBacks (0) | Category: Practice of Law | Technology


COMMENTS

1. ruidh on June 1, 2005 11:30 PM writes...

The obvious answer is not to give your email address to banks, credit card companies and utility companies. If my bank or credit card has a problem, I expect that they will call me on the phone or send me a letter written on dead trees. I do not do sensitive financial business over email. I don't ponder these emails attempting to determine if they are fraudulent, I *know* they are fraudulent because, by and large, I haven't shared my address with the company and, if for some reason I have, I've opted out of them using it to communicate with me.

Email is convenient and reliable for many purposes. Banking isn't one of them.

Permalink to Comment

2. Dennis on June 2, 2005 1:44 PM writes...

I generally agree with you, although you've answered the easiest question - email from banks and financial institutions. Your use of the phrase "by and large" raises the element of doubt when you receive one of these emails. The "obvious answer" isn't always so obvious because you never can quite be sure when you might have accidentally opted in to permission to use your email address.

What happens when you get an email purporting to be from someone, like a domain name registrar or your ISP, where you are expecting communication by email? What about an email from an online service provider requesting that you update your credit card info because an expiration date has gone by?

And, a question I'm currently wondering about, what happens when you get a letter that seems to be from a credit card company, but the stationery and envelope used don't look "official" and the return address is a P.O. box? Do you call the phone number in the letter or go to a URL listed in the letter or do you try to find another number to call through independent research?

If you start thinking too much about this, you wonder what, if anything, you should respond to anymore.

My question would be: if we accept that banking is not one of the things that email is convenient and reliable for, what are examples of things that it is, in 2005, clearly convenient and reliable for?

Unfortunately, I think that's become a difficult question to answer with any degree of certainty, but I admire your sense of optimism and wish that I could share it.

Permalink to Comment

POST A COMMENT




Remember Me?



EMAIL THIS ENTRY TO A FRIEND

Email this entry to:

Your email address:

Message (optional):




RELATED ENTRIES
New NY Advertising Rules Are Out There
(Head)Hunting Season
Best Wishes for 2007!
Legal Services and the LongTail
New Bar Blogging Policy Emphasizes Cluefulness, Participation
Disturbing Study on Treatment of Minority Female Lawyers
Are Blawgs Dead?
The Gospel of Blawging