There really isn't a simple cure, however. E-mail filtering products can try to screen out these messages, but it isn't all that easy as the con artists change addresses at the drop of a hat. ISPs can shut down the IP addresses used by the crooks to collect the personal data and host the phony sites that draw in the marks, but again it is staying a few steps behind the bad guys. What it really comes down to is that you and I have to be more vigilant about responding to the come-on message.
I almost fell for the Citibank phish this past summer. But then I wondered why Citibank would be sending a message to my outside e-mail address at CMP, when it has a perfectly good and secure means of sending me messages using the Citibank online banking system. Of course, when I examined the message more carefully I could see that it was going to some external site that had nothing to do with Citibank. What annoyed me more than anything was that it took the bank several months before they posted a message (using their own system of course) before they issued a warning notice to me and their other customers.
The crooks are getting cleverer. Some of the phony site URLs are very, very close misspellings from the actual site addresses, and easy to miss with a quick scan of the domain name.
The moral of the story is never give out your password to anyone at anytime. And have a healthy bit of skepticism when you go through your inbox, and don't immediately respond when you get one of these messages anyway.
Editor's Note: A number of you are accessing e-mail via wireless means. If you are interested in wireless security, developing wireless apps or in just familiarizing yourself with this area, check out www.mobilizedsoftware.com. There's a column on security written by my editor Jennifer Bosavage as well as numerous articles on development and design.
