In computer news this week:

Lead: When your ISP protects themself, not you, in a credit card scheme

The email came in on Sept. 4th at 8:36 AM, a couple days after I was back from vacation and working to catch up with my work.

I've used Earthlink as my ISP for a couple years now, and there service has been adequate; nothing stellar.

It looked exactly like an official Earthlink email, using the company colors, and coming from an official earthlink looking address. As you all know, sometimes your own ISP is one of your worst spammers, particularly if you use AOL. But Earthlink generally only sends a monthly newsletter, and once in awhile some other correspondence, so I read this email, which said:

"This email is a reminder that your Earthlink account information is not up-to-date. To avoid any interruption to your service including the ability to log onto Earthlink, please update your credit or debit card information.

If you do not update your information, you may no longer be able to use Earthlink.

This is your final notice. Please take a moment to update your credit card information by clicking here and submitting your information.

Sincerely,

Earthlink Billing Department"

Let me point out a couple red flags in this email.

First of all, there was a spelling error in the Subject line of this email - the word information was spelled wrong, and when an ISP sends out a billing notice to millions of its customers, you know they probably do check the spelling.

Second, the language in this email is threatening - "to avoid any interruption of your service - you may no longer be able to use Earthlink - this is your final notice" -

I used to get emails like this a lot when I used AOL, but this was the first one with Earthlink, and I have to say this looked like the real thing.

To see where this all led to, I did click in the email, and it brought me to a very official looking site - earthlink-verified.com - which looked exactly like the earthlink site . and there was a very official looking form there for you to fill in all your personal information and your credit card number, and your pin numbers. It even had a notice that it was a secure site which used 128 bit SSL encryption.

Only problem was, it wasn't a secure site, because secure site are all HTTPS - Not http. And there also was no little padlock icon on this screen which also shows it is a secure site.

To do some detective work, I next looked up the owner of this site, which you all can do. I went to the Network solutions site - www.netsol.com - one of many internet registrars where you can find information about websites - and clicked on their WHOIS button to find out who is the owner of this website - and then typed in earthlink-verified.com

The whois information showed this site registered to a Fred Washington in Greensboro North Carolina . I then tried looking up this guy using Switchboard.com by the address and phone number he registered the site under, and it was all bogus.

I then immediately sent this email and the message header back to Earthlink Abuse- 28 minutes after I had received it , telling them how I had looked up this guy and found everything to be bogus - and then I asked them to immediately send an email to their entire customer base so that thousands of people wouldn't give their credit card information to a crook.

But Earthlink did nothing. 6 days later, on Sept. 10th, they sent me a form email thanking me for contacting them, and a vague message about how they are aware things like this happen, and if I had indeed given my credit card information, I should take steps as though the information were stolen from me; to contact my creditors.

So if you fell for this scheme, it's all your fault. What an ISP !

For Raw Bytes, This is Frank Delaney

POB 222 Spangle, Wa 99031 (509)245-3736 624-7230