- News Topics
- E-Government
- Emerging and Sustainable Technology
- Health and Community Services
- IT Policy/Mgmt/Enterprise Tech
- Justice and Public Safety
- Products
- Transportation and Infrastructure
- Wireless/Mobile/Broadband
- View All News Topics...
- GT Network of Sites
- Digital Communities
- Emergency Management
- Public CIO
-
Videos
- Photos
- Newsletters
- Industry Perspectives
- Case Studies
- White Papers
- Contributed Solutions
- How to Guides
Phishing for Passwords
April 3, 2009 By Mark Kemmerle
Used with permission from the Maine Office of Information Technology
This month's security item is an e-mail that was sent to us by a Maine OIT employee. The employee gave permission to reprint the e-mail, but ask that we not reveal the identity of the contributor. This is a true story of something that happened to a Maine citizen, an IT professional, and someone who knew the basic security principles of password protection. It serves as a good lesson for us all that no matter how careful we think we are being, it only takes one small mistake for things to unravel quickly.
Our co-worker's story:
"I think that a lot of people don't take it serious when they are told to use a different password for everything and people like me assume they are really careful and nothing will happen to them."
Often times in my hotmail account I get a "phishing" e-mail that contains a fake PayPal link and since I know better I simply hit forward and send it on to the PayPal security team. On March 9, 2009 I received one, and because I haven't used PayPal since September of last year I didn't read it and just forwarded it to them. On March 10, 2009 I received an e-mail from PayPal stating my account had been changed to limited access in the subject line so I read it and it was limited because they believed a third party had accessed my account. They didn't state in the e-mail that there had been any transactions so I shrugged it off and figured I'd log into my PayPal and cancel the account as I don't use it anymore. To my surprise when I logged in there was a transaction there for over 400 GBP which translated into $645.59 USD. In addition, the hacker had changed my address to an address in Lithuania. I then logged into my bank account and the money was gone. I obviously was very upset as I am a single income supporting my family and things are tight (as they are for everyone). I called my bank and filed a claim and called PayPal and did the same thing.
View Full Story
You may use or reference this story with attribution and a link to
http://www.govtech.com/security/Phishing-for-Passwords.html
GovTech Papers and Case Studies View Library
Sponsored Links
Government Best Practices
» A New Model for Human Resources
» Abandoning the High Cost of Enterprise Content Management
- Most Viewed
- Most Commented
-
-
Indiana Launches More Secure Drivers License
"Can I use this new enhanced licenses to cross into Canada for an three night stay?" -
Ex-Hacker Mafiaboy Discusses Local Government Web Security
"So you're saying because he was talking to an evident layman, he should go into massive amounts of d" -
Sacramento, Calif.’s Website Hacked, Goes Offline
""Authorities have not named who they believe is responsible for the cyberintrusion in Sacrament" -
Site Reveals Salaries of New York State Employees, Other State Financial Data
"Rwanda - this person is paying for YOUR government assistance."
-
Indiana Launches More Secure Drivers License
Daily Govtech News In Your Inbox
Subscribe to Government Technology
Subscribe | View Digital Issue