Wall Street Journal warns about phishing

One of the greatest banes of modern computing is the scourge of so-called phishing attacks. You know what I’m talking about: email that purports to come from Paypal, eBay, Wells Fargo, Bank of America, Chase Manhattan, or a raft of other sites, asking you to log in and correct or update some aspect of your personal record or account.
When you click on the link, however, you don’t go to the real Web site, you go to an elaborate mockup, a different site that has all the right graphics and design (since it’s easy to steal HTML code) but funnels your account and password directly into a nefarious hacker’s database, for them to break into your real account and do as they like.
In this brave new world (yes, that’s sarcasm) it’s interesting to get the following email message from the Wall Street Journal Online, where I’m a paid subscriber…

Here’s what I received:

Dear Wall Street Journal Online subscriber,
We would simply like to remind you that we do not sell Wall Street Journal Online subscriber information to third parties. If you have opted in to receive third-party offers from our advertisers, we may send email to you on their behalf, but it is sent from The Wall Street Journal Online or Dow Jones, not from the advertiser.
Also, we do not require that you respond directly to an email to keep your Online Journal subscription active. From time to time we may remind you to update your account information, but we will always direct you to make changes on the “My Account/Billing” page within your Online Journal account. In addition, you can always contact an Online Journal Customer Service representative to make changes or update your account information.
If you doubt the legitimacy of any Wall Street Journal Online email or if you have any questions, please contact us.
Thank you,
The Wall Street Journal Online Customer Service
1-800-369-2834 (or 609-514-0870): 7am to 12am ET, Monday-Friday.

I appreciate that the WSJ is proactively warning me about phishing attempts, but since I’ve never received one purporting to be from the Journal, it’s an interesting message nonetheless. If I was a hacker and could rip off eBay passwords, Paypal accounts or even a bank account, it’s obvious the mischief I could wreak (or worse), but the Wall Street Journal?
What damage can someone do if they have my account and password? As far as I know, it would only let them also access the premium content on the site, not add additional services, wire money to a third party, or even post responses to major Journal articles.
Nonetheless, by having sent this message, it’s clear that some of the Wall Street Journal Online team are concerned that phishing attempts are masquerading as messages from them. So, again, be wary, just like you should be from any message asking you to click on a link to log in to your account.
Related articles: Paypal still emails customers? and what are pharming and phishing?

2 comments on “Wall Street Journal warns about phishing

  1. Hmmmm, if they had access to your WSJ account, would that in any possible way give them access to your credit card info? Probably not, but ya never know, so it might be worth looking into it.
    But I agree — maybe WSJ is overestimating its own attractiveness here…
    – Amy Gahran

  2. They may be able to access your profile – name, address, home phone number, etc. and since people re-use passwords on multiple sites (even if doing so is not prudent) — compromising one account could lead to compromises of others…
    Rajesh Harbhajan
    Green Armor Solutions
    rajeshh -DO-NOT-SPAM-ME-AT greenarmor.com

Leave a Reply

Your email address will not be published. Required fields are marked *