InfoCard: Microsoft’s Solution to Phishing and Identity Theft

Every day I get at least 2-3 emails from someone purporting to be PayPal, eBay, Chase, Citigroup, or another well-known financial institution. The message always asks me to confirm fraudulent activity, a new email address, or a payment transaction. All of these emails include a link to a website that looks exactly like the real company’s website.

These emails are part of a phishing expedition - the latest trend in internet spam, where spammers send out email purporting to be from a legitimate company that you probably have an account with and ask you to click a link and enter your information. If you follow the email’s instructions, you’ll end up giving your information away to God knows who, and chances are you’ll start seeing all kinds of fraudulent charges showing up on your credit cards or bank account.

The term (pronounced like fishing) gets its name because spammers are throwing out bait (ie sending lots of emails) and waiting to lure in their prey (ie tricking people to click through to their fraud website and give up their financial information).

The FTC has some great advice on how to avoid falling for phishing scams, with rule #1 being never, ever click on a link in an email. Always type the correct URL directly into your browser (ie www.ebay.com).

Microsoft is claiming that security is priority #1 for its upcoming operating system, Vista, set for release in late 2006. As part of that, it is ditching Passport and creating a new system called InfoCard, an identity management system. Stanford Law Professor and Electronic Frontier Foundation (EFF) Board Member Lawrence Lessig says this about it in the March 2006 edition of Wired Magazine:

The system effectively adds an ‘identity layer’ to the Internet, accomplishing what security companies have been promising for years: making it difficult to falsify an identity and easy to verify your own. Here’s how it works: Users’ computers (and potentially cell phones and other devices) will hold files called InfoCards that give encrypted sites access to authenticated information about the user. An American Express InfoCard, for example, might carry your name, address, and account number, all authenticated by American Express. When a Website requests personal data, you choose whether to release that information, securely and with the verification of the card’s issuer.

The resulting system is more precise and comprehensive than the hope-it-works hodgepodge of security measures we use now, argues Kim Cameron, Microsoft’s chief architect of identity and access. ‘Auto-complete and cookies and passwords are part of a patchwork solution. With InfoCards, users will always know exactly what’s happening and can always control it.’

This might sound scary to friends of privacy. It shouldn’t. The InfoCard system gives you more control over your data, not less. The protocol is built on a need-to-know principle: While an InfoCard might hold 30 facts about me, only the data I choose to reveal is shared. If I need to certify that I am a US citizen, then that fact is verified without also revealing my name, age, or place of birth. And when it comes to that fake PayPal site, the InfoCard system wouldn’t recognize it - it wouldn’t have the proper credentials.
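To make the need-to-know idea concrete, here is an added example (my own toy model, not Microsoft’s InfoCard code or protocol) of selective disclosure: the issuer vouches for every claim through a salted digest and signs the digest list, the user agent releases only the chosen claims and only to a site the card recognizes, and the relying party checks that each disclosed claim is covered by the issuer’s signature. The issuer key, site names and claim values are constructed for the demo; an HMAC stands in for what would really be an asymmetric issuer signature.

```python
import hashlib
import hmac
import os

# Constructed demo secret standing in for the issuer's signing key. A real issuer
# would use an asymmetric signature so relying parties never hold a shared secret.
ISSUER_KEY = b"demo-issuer-key-not-a-real-key"


def _digest(name, salt, value):
    """Salted digest of one claim; the salt stops guessing of hidden values."""
    return hashlib.sha256(f"{name}|{salt}|{value}".encode()).hexdigest()


def issue_card(claims, trusted_sites):
    """Issuer: bind every claim to a salted digest and sign the digest list."""
    salted = {n: (os.urandom(8).hex(), v) for n, v in claims.items()}
    digests = sorted(_digest(n, s, v) for n, (s, v) in salted.items())
    sig = hmac.new(ISSUER_KEY, "".join(digests).encode(), "sha256").hexdigest()
    return {"claims": salted, "digests": digests, "sig": sig, "sites": set(trusted_sites)}


def present(card, site, reveal):
    """User agent: release only the chosen claims, and only to a known site."""
    if site not in card["sites"]:
        return None  # look-alike site the card does not recognize: nothing is released
    disclosed = {n: card["claims"][n] for n in reveal}
    # Undisclosed claims travel only as digests, so their values stay hidden.
    return {"disclosed": disclosed, "digests": card["digests"], "sig": card["sig"]}


def verify(presentation):
    """Relying party: check the issuer signature, then each disclosed claim."""
    expected = hmac.new(ISSUER_KEY, "".join(presentation["digests"]).encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, presentation["sig"]):
        return None  # digest list was altered or not issued by this issuer
    verified = {}
    for name, (salt, value) in presentation["disclosed"].items():
        if _digest(name, salt, value) not in presentation["digests"]:
            return None  # disclosed value is not the one the issuer vouched for
        verified[name] = value
    return verified
```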

If you’re interested, Microsoft just posted a 50+ minute video about the InfoCard system on the Channel 9 website.

Microsoft also has competition from the VeriSign Identity Protection Network, which has signed up eBay and Yahoo! as supporters, according to SeattlePI.com.
