They’re almost identical to the real thing, experts warn

Peter Wilson
Sun

It looked like a genuine RBC Investment site on the Internet last week. All the logos were there. All the links worked — even the ones that led to warnings about supplying your password to digital crooks.

And if you clicked on the little security lock, a pop-up containing a certificate issued by Verisign would confirm that you were indeed securely connected to RBC Financial.

But — no surprise to more sophisticated Net users — the site was a fake, as confirmed by RBC Financial.

A group of digital crooks, apparently in Kyiv, Ukraine, was “phishing” — as the term puts it — for suckers. The unwary had been lured by an e-mail telling them “due to the recent update of the servers, you are requested to please update your account info at the following link.”

Security expert Ron O’Brien, senior analyst at Sophos, which operates a major spam lab in Vancouver, said phishers just seem to get better and better at what they do — to the point where they’re now creating almost completely convincing websites.

“It really has reached an incredible level of creative activity, an incredible level of graphic design, and so much so that these are almost identical versions of the associated websites,” said O’Brien, who added that the original e-mails also are becoming increasingly clever at luring phish into giving away their account numbers and passwords.

The RBC e-mail, for example, warned recipients that RBC had updated its servers because, well, bad people had been sending out e-mails that tried to draw customers to fake sites.

Also recently, an e-mail was circulating carrying the return address of the Quebec-based financial powerhouse Desjardins, attempting to draw unwary Visa card holders to another phishing site.

Despite all the warnings and the publicity saying that banks and other financial institutions never, ever, send out e-mail requests for information, people continue to visit and hand over their account numbers and passwords.

But, said O’Brien, it’s no wonder people get fooled these days.

“I almost got fooled myself recently.”

He had opened a new bank account for his son, who was headed off to college.

A couple of days later O’Brien got an e-mail from the bank telling him there was a problem with the online account.

“My antenna went up because I’m naturally skeptical. But I thought, well, it’s possible because I did just open an account and if there were a need to contact me, I had provided them with my e-mail address.”

There were no misspellings in the e-mail. The graphics were impeccable. And the message made it through O’Brien’s e-mail filters.

But O’Brien did the right thing and called the bank, and found out it was a fake.

“And I thought I had reached a certain level of not being able to be surprised any more.”

RBC manager of media relations Jackie Braden said that she couldn’t comment as to whether phishers were becoming increasingly clever.

“But what I can say is that whenever people do get an e-mail like this, they should know that it’s not coming from a bank,” said Braden. “We never ask for client information, personal identification or account information in an e-mail.

“If a client gets one like that, they should close it and delete it right away.”

One good reason for ditching the e-mail immediately, said O’Brien, is that it could also contain a trojan that would allow the senders to acquire your passwords by other means.

“It’s possible for a trojan to be downloaded on to your PC, and the next time you attempt to log on to your bank it would bring up a fictitious website and you would subsequently provide a third party with your log-in information without even knowing that would happen,” said O’Brien.

Braden said RBC has a number of safeguards built into its site — such as allowing users to set up a series of questions they have to answer before gaining access.

And, since April, HSBC Bank Canada has instituted a method that puts a number of major barriers in the way of phishers trying to get information.

At its online banking site, HSBC has users choose between five different questions that have to be answered each time they sign in, such as what was your first car?

“You come up with a memorable answer to that, which only you know,” said Shelley Maher, HSBC Canada vice-president, direct channels. “It would be very difficult for a phishing site to match the exact question you’ve asked.”

After that, users have to fill in three random characters, numbers and letters of their passwords, again making it difficult for phishers to gather complete password information.

In another move, the developers at Mozilla will be including phishing protection in their upcoming Firefox 2.0 browser that will — working from a constantly updated list of known phishing sites — warn users that they could be about to give away their financial information.

And, recently, techies at E-gold struck back at phishers — who link to images on the real E-gold site — by replacing the original images with ones that warned users that they were on a scam site.

O’Brien said he applauds all these moves, and especially encourages banks to issue constant warnings to customers that they will never send out information-gathering e-mails, but it’s a constant battle to stay ahead of the bad guys.

“The level of complexity [of phishing attacks and sites] is increasingly amazing,” said O’Brien. “And one of the things that it has done is that even those institutions and enterprises that feel as though they have their security solution settled are beginning to realize that there’s no end to it.

“Complacency in this instance will lead to danger, it’s not something that can be taken for granted.”

O’Brien added that the more obstacles that the security industry tries to put in front of virus writers and hackers the more creative they have to be in order to overcome those obstacles.

“And certainly there is a certain level of naivete required to fall victim. But, as I said, I came perilously close myself.

“And I’m sure if the e-mail had been addressed to my son or anyone else in my family I’m sure they would have clicked on the link.”

© The Vancouver Sun 2006

GADGETS I Nintendo and Sony should deliver by Christmas, and there’ll be a new BlackBerry, too

Gillian Shaw
Sun

Every year at this time the back-to-school frenzy barely gives way before it is replaced by another kind of frenzy, the fall parade of the latest in techno-gadgets and electronics.

This year is proving no exception and electronics aficionados can look forward to a lineup stretching over the coming months that will cover everything from gaming consoles to do-everything cellphones and communications devices, the latest in HD TVs and finally, even Microsoft’s long-awaited new Vista operating system, although it’s not expected until late January, along with Microsoft’s new Office 2007.

“This time period basically from September to December is the hot time in the consumer electronics market,” said John Challinor, general manager of advertising and corporate communications at Sony Canada. “It is a great time for seeing new things.”

Uncertainty over the eventual release date of Microsoft’s new operating system could put a wrinkle in computer sales, but with Amazon.com now taking orders for the end of January and the expectation that there will be some kind of discounted upgrades made available, buyers may decide it’s safe to buy a new computer ahead of the Vista release.

“In terms of preparation for the Christmas season, there is a lot coming down the pipe in the next two or three months,” said Cedric Tetzel, merchandising manager of computers for London Drugs. “The unusual part this year is because of the computer side, because of Vista’s infamous delay, certain things are held back on the computer side.”

However, Tetzel said, the new operating system (which he rates as the most significant upgrade since Windows 95), combined with Microsoft’s release of Office 2007 expected at the same time, offers a real advance for computer users.

“There is quite a lot, especially if you combine Vista with Office,” he said. “There are some huge advances, it’s mind-boggling.”

Mike Bulmer, senior product manager Microsoft Office System for Microsoft Canada, said that in Canada 100,000 computer users have tried the beta version of Office 2007, about two-and-a-half times the number of people who have done that for earlier upgrades.

“People are very excited about it,” he said. “It’s fun — not like go to the patio and drink beer kind of fun, but fun.”

On the entertainment side among the most eagerly awaited new items will be Sony and Nintendo’s next-generation video game consoles with Sony’s PlayStation 3 debuting in Canada Nov. 17 in time to compete with Nintendo’s Wii for a spot on Christmas lists.

The two cover a wide range in the market, with the Wii an Internet-connected game machine featuring 512 MB of internal flash memory, wireless controllers, a slot for SD (Secure Digital) memory expansion, built-in Wi-Fi and a fairly modest price tag not yet set but expected at under $250 US.

At $499 Cdn for the 20 GB version and $659 for 60 GB, Sony’s PlayStation 3 is definitely the console for gamers with deeper pockets. It delivers high-definition, powered by the Blu-Ray disc media format, which can hold six times as much data as traditional DVDs, and that combined with its powerful processor and graphics card delivers a gaming experience of virtual real-life action.

While consumers want to play, they’re also keen on communications, and the range of devices they have to choose from is only growing. Most recently, an anonymous blogger released photos and specifications for Research in Motion’s soon-to-be released new BlackBerry multimedia smart phone, a device with music and photo-taking capabilities and the usual offerings of e-mail, phone, Web browsing, text messaging and other functions.

Engadget.com posted information from the anonymous Boy Genius who delivered what purported to be an embargoed press release from T-Mobile USA. RIM has declined to comment on speculation about the device, which is said to be launching on the T-Mobile network with a price tag of $199 US.

Canadians can’t always count on getting their hands on the new gadgets as quickly as their U.S. neighbours. Among cell phones you won’t see here probably until next year are Nokia’s N series Internet phones. In its latest offering, Nokia is releasing the N80 Internet Edition cell phone in September with WLAN, a Web browser and VoIP-based calling support along with a three-megapixel camera.

VoIP phones are gaining popularity as users turn to Voice over Internet Protocol to save money on their long distance chats. The Vancouver-based Ascalade Communications Inc. is showing off its newest Skype-certified VoIP phone at the upcoming VoIP gathering, the fall VON conference and expo in Boston, Mass.

The phone enables Skype users to make and receive both Skype calls over the Internet and traditional landline calls without a computer.

Apple still dominates the MP3 player market by a huge margin but talk of a new device incorporating a phone has not gone beyond that — simply talk. Apple is expected to make an announcement on Sept. 12 when Apple Expo 2006 opens in Paris. That could be anything from computer upgrades to a computer download service, so while analysts say it’s not too late for Apple to make a product announcement in time to reach store shelves for Christmas, for now consumers are left guessing.

Televisions no doubt will be on a lot of holiday wish lists and the choice is only getting richer, with Sharp and Sony this week announcing new LCD TVs, including 52-inch models, set to launch in October.

Sharp Corp. announced Thursday a lineup of full-spec high-definition Aquos LCD TVs ranging from 42 to 52 inches.

Sharp’s announcement came shortly after Sony announced the launch of nine new LCD TV models to be introduced in Japan in October, including a 52-inch high-definition model, with the company promising that most of the new models will be available in overseas markets in time for Christmas shopping.

© The Vancouver Sun 2006

 

Gillian Shaw
Sun

Canada’s largest phone companies denounced a Canadian Radio-television and Telecommunications Commission decision early Friday to stand by an earlier ruling and continue to regulate the price the companies can charge for Internet-based phone calls.

Although the CRTC promised to review certain aspects of the regulatory framework regarding local phone service in the wake of expanding competition, the major phone companies were not appeased.

But the news was welcomed by smaller competitors in the Voice over Internet Protocol (VoIP) market, which argue that there was no reason for the CRTC to reverse a ruling made in May, 2005.

The CRTC has said that large telephone companies could not use their pricing power to undercut smaller businesses and such newcomers into the market as cable companies. However, the government has indicated it wants the CRTC to let market forces play a larger role, and the issue came under review after the federal Cabinet asked the CRTC to re-examine its earlier ruling.

“Obviously, we are certainly disappointed with the decision today,” said Janet Yale, executive vice president of corporate affairs for Telus. “The government clearly sent the [issue] back to the CRTC for consideration because they weren’t happy with the [2005] decision.”

While the CRTC won’t allow the large companies like Bell and Telus to offer VoIP service below cost, new companies entering the market aren’t bound by such regulations.

Also Friday, the CRTC said a rapid increase in competition for local residential phone lines is leading it to reconsider a rule that only allows large phone companies to get out of pricing regulations if they can demonstrate they have lost 25 per cent of their market share.

“The real losers are consumers,” said Yale. “If we can’t make our best offers to customers because we are regulated and constrained as to what we can offer, our competitors don’t have to be sharp and nimble, and consumers don’t get the benefit of full competition.

“It’s very frustrating for us.”

The frustration was echoed by Lawson Hunter, executive vice president and chief corporate officer for Bell Canada. He said he was surprised that the CRTC made no change to its earlier VoIP decision in light of the Cabinet’s review.

“The decision in my opinion is just more of the same,” he said. “It doesn’t substantially change anything. It tries to give the impression they are seeing the market is moving quickly, but they are not moving quickly. And in the meantime consumers don’t have the benefit of vigorous competition from the telephone companies.”

In a statement issued with the decision, CRTC chairman Charles Dalfen said the commission’s “objective of a fully competitive local service market is well on its way to being met.”

“Our objective is to reduce the scope of regulation where market forces are sufficiently strong to protect consumer interests,” Dalfen said in a press release.

Bill Rainey, president and chief executive officer of VoIP provider Vonage Canada, welcomed the decision

“We’re quite pleased and encouraged,” he said. “By reaffirming the original VoIP ruling we felt that it was saying, ‘Yes, the CRTC got that right the first time’.

“For us, it is a very good decision. It is recognition that it is the small companies that are bringing innovation and choice to the country, not the telephone companies.”

The Coalition for Competitive Telecommunications added its voice to criticism of the CRTC.

“Today’s reconsideration report clearly ignores the government’s director and fails to reflect the spirit of the Telecommunications Policy Review Panel report,” Ian Russell, chair of the coalition which represents more than 12,000 companies, through various associations and agencies, including the Canadian Bankers Association, Canadian Manufacturers and Exporters, the Canadian Newspaper Association and others, said in a release.

© The Vancouver Sun 2006