What benefit could RB possibly derive from such spam, unless it was to discredit the honest folks at North American? A disgruntled employee? A rival? Certainly spam is a potent way to damage reputations: I recall a year or so back trying to find out who sent out spam in the name of TemplateStyles.com. The company itself denied all knowledge, but some angry respondents were suspicious, pointing to the lack of proper information about the company on its website. A year on it seems the site is now up for sale, so either the doubters were right or the spam killed off the company's chances. Either way it brought home how easy it would be to dent a reputation by sending out spam in someone's name.
Then there's the Spam Slur: A few days back I started receiving an email alleging that some German individual "is a knave" who apparently does not deliver goods he has contracted to deliver. (I'm afraid I foolishly deleted several copies of the email, which was clearly sent out in spam-like quantities.) No one can trace the source of the slur, but the target is bound to have felt some pain at being labeled a knave. I haven't been called that since school.
-- More than 60 unique new phishing email fraud attacks have been launched against consumers in the last 2 weeks
-- Over 60 million email fraud attacks are estimated to have been sent out in the same period - timed for the peak of the holiday season
-- eBay customers were the most highly targeted by scammers, with 24 unique email fraud attacks over the past 60 days
-- Online financial institutions, including banks, Visa and PayPal, represented the largest target group with 35 unique email fraud attacks reported over the past 60 days
It seems that phishing has been remarkably rewarding for the scammers involved. The Anti-Phishing Working Group reckons an average of 5% of recipients respond to such emails, resulting in financial losses, identity theft, and other fraudulent activity. And, perhaps worse, this "activity threatens the integrity of companies that do business online". (I'm assuming they're talking about banks, eBay and other folk who rely on ordinary folk to maintain their faith in the security of online commerce.)
There are a number of ingenious scams that play on the holiday theme -- which also highlight that it's not just banks and big-ticket items that the phishers are targeting. One example is a fake online Christmas card, designed to compromise AOL accounts. In this scam, the recipient receives a spoofed email from the "AOL Hallmark" team, and is asked to visit a website to pick up his/her card. In order to access the site (which is run by the scammer), the user is asked to log in to his or her AOL account, thereby divulging the account name and password. The compromised account can then be used, anti-Phishing says, to launch further phishing attacks, virus attacks, spam, or other nefarious activity.
Clearly this sort of thing is going to grow, becoming more sophisticated as users wise up to the scams. Recent emails now play upon the growing awareness of scams by claiming to be from your bank, warning you about such scams and telling you to ignore other emails. They then, of course, go on to tell to visit the legitimate website to confirm your password. (The main component of this trick is that 90% of the email is genuine, in that the images are all from the bank's website, and if you hover your mouse over the link you're being asked to visit, it may well look genuine too. What you're actually seeing, is a clever ruse: the real website is buried at the end of the link, hidden after a lot of empty space. So checking that sort of thing is no longer enough. It should go without saying that you shouldn't react to any email that requires you to do anything with your password. For a good resource on such scams, check out Codefish.)
In the end all this will help educate users about the Internet and improving their own security. I don't see it doing any serious damage to online commerce, at least in terms of undermining public confidence. I do believe, however, that we've seen only the tip of the iceberg in terms of the sophistication of scammers, and banks and other online institutions must improve their awareness of the threat, as well as protect and educate their customers.
Have a phishing-free Christmas.
Now The Washington Post has written up the experience of the Neistat brothers, and presented it as an example of the disposability of electronics, and of irate consumers fighting back.
It's a great piece. Trouble is, I don't think the story is quite as simple as that. First off, there's some suggestion the brothers haven't been completely upfront. According to one academic who briefly hosted their video on his server, Dave Schroeder, there are some holes in their version: He says Apple began offering the replacement program nearly a week before the brothers' website was registered (ipoddirtysecret.com, on November 20; Apple's replacement program was announced on November 14). As Schroeder acknowledges in his letter to the Washington Post (posted at Slashdot), it was 'coincidentally close', but was before Apple had was aware of the brothers' video. (The Post article says the Apple announced expanded warranties for new iPod owners to purchase for $59, and also introduced a new $99 battery-replacement mail-in service for others "days after the movie made the rounds" of websites like Schroeders. The Neistat brothers themselves are more cautious on their website, saying "After we finished production of the film, but not necessarily in response to it, Apple began offerring a battery replacement program for the iPod for a fee of $99 and an extended warranty for the ipod for $59".)
But did the brothers know about this before they posted their video? Schroeder says yes, saying he agreed to post their video on condition the brothers post a link on the same site to the Apple replacement program, something which he says they never did. (Schroeder has kept a record of their communications here.) If this is true, I don't see any way one can link the Neistat's campaign with Apple's decision to offer a refurbishing service.
But what about the allegation that Apple is building in obsolescence into what are already pricey gadgets, using batteries that die after 18 months and steering punters into replacing the whole unit for $400, while making it hard to replace the batteries without damaging the unit? not everyone agrees it's hard to replace the battery: Here's an example of one user who felt confident her mother could do it without help. But I have to say, I've fiddled around with my iPod a bit, trying to get the back off according to instructions, and would conclude that my mother wouldn't enjoy doing it. It's certainly tricky, and hard to do without scratching the iPod body.
My conclusion? I think Apple have been remiss in a) not introducing a refurbish program earlier, b) not making it easier to replace the batteries, and c) not immediately guiding the brothers to websites which sell do-it-yourself batteries. While the iPod is beautifully designed, I can't really see a reason for not including screws in the casing.
But having said all that, I think we must be careful about guerrilla consumer actions such as those undertaken by the Neistat brothers. We may not not yet know the whole story (I've emailed both them and Apple asking for more information), but so far it seems that their campaign may have misled hundreds of thousands of users by not including, either in it or on websites where it was posted, information about alternatives to buying a new iPod. Consumer activism should not copy advertising. It should be informative, not deceptive.
see below for subscription links -- sorry, but the columns are only available to subscribers.