Online Life Is A Bit Of A Gamble

Trusting a company to look after your data could be as risky as putting your money in a Vegas slot machine, says Eric Doyle

Las Vegas has lessons to teach about the world of phishing scams and social engineering. Its alternative name of “Lost Wages” is well-earned – the whole ethos is to separate people from their hard-earned savings.

The secret is to massage a few egos and promise something beyond belief but, like email scams, the odds are stacked against anyone leaving Vegas richer than they arrived.

A Question Of Trust

The whole trick is based on the trusting, gregarious nature of people and the driving urge to achieve better living standards, mixed with a touch of greed, a drive for excitement and a dollop of gullibility. The very same properties that phishing attacks prey on.

The massive growth of social networks is witness to this – and the number of people who leave security turned off hails back to the days when our forebears left their backdoors unlocked. Over time we have learnt not to trust as openly and that is precisely the learning curve we sit at the bottom of today.

This trusting nature is often the source of our undoing and that is why the loss of email addresses is not an unfortunate event – it is a serious breach of trust. No matter how the likes of Epsilon, Play.com and ACS:Law may try to dismiss the breaches as being only email addresses, it is not to be considered a minor set of breaches. The fact that payment card details were not stolen does not lessen the potential impact on the betrayed customers.

Already we are seeing phishing attacks that target these people and the fact that none of the companies can say for sure whose addresses have entered the wild world of hackerdom only makes things worse.

A Rich Crop?

I have been informed by at least two companies that my address may have been disclosed. So I have to remember this every time I get an email from one of them. The problem is that the list of companies whose emails I cannot trust is increasing and the onus is on me to remember these names.

I can expect an onslaught of subtly phrased messages offering me reasonably priced products at moderate savings. If I click on the link, I will be taken to a perfect facsimile of the site where I may be stripped of my credit card details. Or not because I don’t know which, if any, company has lost my details.

The naysayers will point out that email addresses litter the Internet and that these breaches have merely simplified the process of harvesting this rich crop. However, the emails available rarely tell any phishermen where I shop.

There is an increasing trend to create specific email addresses for each Internet business account. This is to be encouraged but, when a company “loses” these addresses, it actually makes the customer less secure. To get an email sent to this “trusted” address is likely to put the recipient off-balance.

It cannot be stressed enough that these companies are not doing their job properly. Encryption is not foolproof but it does add a layer of security that would ultimately foil most breaches.

Eyes open, doors locked

I have been to Vegas before and seen the countless number of women offering me the world if I “play a few tables” with them first, and men with unbelievable offers of get-rich-quick schemes.

Among the fake facades of Venice, Paris and New York; the false reconstructions of ancient Rome, Luxor or a pirates’ lair, it is easy to lose track of reality. Within these buildings the lack of clocks and windows means that eventually time itself becomes an illusion. It is like the Internet incarnate. You have to adjust to the environment. If you can’t trust your eyes, you can’t trust anything.

Maybe the lessons that will be learnt by the customers of Marks & Spencer, Mothercare and the host of other retailers have been damaged by Epsilon’s insufficient security will teach them a valuable lesson. Perhaps some will realise that security is important and should be applied beyond shopping and into every interaction they have with the web.

It will be a long and painful trail for many of people to learn to keep their doors locked – and it won’t protect them from determined crooks – but it could get them into a Vegas state of mind: to doubt everything and only trust when that faith has been earned.