Of all the methods scammers use when hunting for victims, phishing is one of the most difficult to guard against. Phishing attacks are designed to exploit societal vulnerabilities more than technical flaws, and, in some cases, are extremely difficult to block. Even the best anti-malware software suite can't stop an end user from willingly revealing personal information, particularly if the web site being used to collect the data doesn't trip any high-alert security alarms.

The Federal Trade Commission (FTC) has taken an interest in educating consumers on the dangers of phishing. To that end, the government organization has prepared three separate 60-second videos on the ways and scenarios a consumer might possibly encounter a phisher. Behold, Phishy Home, Phishy Office, and Phishy Store in all their puissant glory.

The ads all follow a common theme. In each, we see a friendly and believable-sounding man requesting personal information from a consumer who grows increasingly suspicious as the conversation progresses. The ads do a good job of demonstrating how a phisher can introduce itself from a seemingly safe vector "I'm with your credit card company, we suspect several unauthorized transactions on your card" followed by a request for information that the legitimate credit card company might ask for. "You give me your social security number, and we'll take care of you." In Phishy Home, the consumer appears perfectly ready to hand over this information, but begins to balk when the phisher requests his PIN number.



Sadly, it's never quite this easy.

Unfortunately, this is where the FTC's videos fumble the ball. Instead of accusing the would-be phisher of identity theft based on his requests for personal information, his targets discover a large fin sticking out of his back. This might be good for a bit of humor, but it doesn't teach the viewer anything about why the phisher can be identified as such. Virtually every legitimate bank or credit card company has an explicit policy against asking for certain types of customer information over the phone, and it's often printed on any statement or notice the company sends.

Phishy Home, in my opinion, does the best job of communicating its message, and the FTC does deserve credit for attempting to spread the word on the dangers of phishing. The government has also launched a web site at www.onguardonline.com to address phishing and identify theft in more detail. The site gives a thorough treatment to a wide range of topics, and actually looks to be a solid reference point for anyone who thinks they may have been the victim of identity theft, or simply wants more information on the topic.

All in all, this is good work, though hopefully future videos will spend a bit more time on identifying phishers and a bit less time gawking over a large plastic fin.