Phishing for Cyberians
Posted by adiamondinsunlight on February 1, 2009
Last week I received this email from Cyberia, my erstwhile Internet provider:
Dear Cyberia Customer,
Recently, it has been brought to our attention that some of our customers are receiving emails, claiming to be from Cyberia Support, requesting their emails account username and password.
We would like to inform you that Cyberia will NEVER ask for your emails credentials, therefore please make sure to delete such emails.
Should you have any questions or concerns, please do not hesitate to contact us using the following number:
Cyberia Support phone number: 01-355156.
Phone support is available 24/7.
Cyberia Customer Services
I was a Cyberia customer for several years, so when I received this email I decided to log on to my account to see what a phisher could do with my account information.
S/he could see my status (inactive) my history (how long I had been a client), my account profile (including a rather curious attempt to abbreviate the long, and totally unknown, official name of my street), and could (if s/he so desired) re-activate my account by typing in the number and code of a pre-paid monthly Internet card.
It makes me quite sad that phishers are now targeting people in Lebanon – including people who may not be sufficiently Internet savvy to recognize a scam, and who could easily fall victim through no fault of their own.
On the other hand, as phishing scams go, it seems like a lot of work for rather little gain.
If I fell victim to a phishing scheme, I would find it annoying, but not much more. After all, I’m fairly sure that as a foreigner I was fairly easy to identify – including name and address – already, so I’m not sure what extra information the phishing would provide. Like most Cyberia users, I paid not through a monthly, credit-card based subscription, but via the pre-paid cards I mentioned above. So worst case, the phisher would know where I lived and be able to replenish my account, but … that’s about it. No Internet shopping sprees on my Visa card, and no – I think, although please correct me if I am wrong – ability to skim off my account for a little free Internet, either.
To me it sounds more like catch-and-release than traditional fishing: still not great for the fish, but resulting in no lasting gain for the fishermen, either.
Does anyone else know more about this? Is it a more serious issue than I think?