Over two years ago the first story on e-government phishing story broke, It wasn’t a big story and it took me a while to blog about it – some 4 months.
So imagine my surprise on boarding the tube yesterday to find it strewn, as ever, by copies of the Metro, with this headline.
e-Government is front page news, of a kind. Plainly any time the taxman offers you something for nothing, you’d imagine it’s a fraud so I’d be intrigued if anyone had actually fallen for the emails that are apparently being sent in their tens of thousands.
The roll out the barrel/Nigerian 419-type scam has been around for decades, moving from letters to faxes to emails and losses have been real and genuine through that time, so doubtless some have indeed fallen for this. And we need to do something about that. But it’s an old story and not an easy fix.
Back in 2000, we quickly learned in the Inland Revenue that there really was no such thing as bad publicity. An outage of the Self Assessment service – whether planned or unplanned – quickly became mainstream news (I have less than fond memories of front page features in the FT and top of the hour stories on BBC news), traffic went up. Too few people knew of the option to use the web to engage with government and so this free PR was actually helpful in getting the message out – even though the content of the story was generally negative.
So here we are again – in the run up to the end of January – the biggest peak in tax return filing – a headline story about e-government … and maybe a boost in visitors to government websites. It sounds like I was suggesting there was an agenda there – I wasn’t. The spammers are certainly not in league with the government – my point is that it is rare for e-government to make the headlines, even rarer when it’s actually a good news story (i.e. the news here is “take care folks, there are bad people about, here’s what you need to do” as opposed to “another bloody government disaster.”)
Meanwhile … what to do about the underlying problem, that it’s all too easy for a fake website or an email leading to a fake website to capture what ought to be confidential details? I’ve posted here more than a few times about my suggestions – back in 2004, I talked about AOL and its keyfob plans and in 2003 referred to a piece by Simon Moores, and I even proposed some answers. We’re still not there. My bank uses credit-card sized keypads that generate numeric keys that need to be tapped in every time, some sites use pictures that if they don’t appear tell you that the site isn’t genuine. We need something for government too.
Hi AlanHappy New Year! Your Blog reminds me that I should really refresh my own and bring it up to date. I get distracted with my local Thanetlife.com weblog these days when I should really be following your example and writing something more incisive about technology and its many successes and frequent failings in the public sector.s Chris Kelly from Facebook is coming along to ecrime in March, which should be an interesting presentation. Do come along for it if you have the time.Best.. SimonM