Phishing Scams Amazingly Effective

from the no-wonder-you-get-so-many... dept

An anti-spam company showed a bunch of emails to people to see if they could tell the phishing scam emails from the legitimate emails and discovered that an awful lot of people are easily fooled. 28% of the time, people thought scam emails were legit. No wonder they're so popular these days. The study also turned up that there are problems with false negatives as well. A large number of perfectly legitimate emails are now being dismissed as fraudulent by users who are too wary of phishing scams. This, obviously, can be quite troublesome for companies who need a legitimate way to contact their customers. The answer seems pretty simple: don't put URLs in emails any more. If you need someone to check their account, tell them to go to your webpage and log in, and have a clear splash page that details the issue. Then, convince people not to click on links in these messages.


Reader Comments



  1. Chris Wuestefeld, 28 Jul 2004 @ 3:26pm

    All the more confusing...

    I've received email claiming to be from my credit card company, and called them to verify that the message was legit. Their customer service reps couldn't tell me one way or the other. If the company can't themselves offer any guidance, how can the customers do better?


  2. David Nesting, 29 Jul 2004 @ 8:06am

    Need to promote digital signatures and SSL/TLS

    Much of the problem, in my opinion, is the lack of any real push for authentication and digital signatures. Browsers assume that most all web browsing is going to be non-secured, and thus streamline their interfaces to make non-secured web browsing as plain and comfortable as possible. Thus, users think that non-secured web browsing is OK and perfectly trustworthy. When they visit an SSL site, the only thing that changes for them is a tiny little yellow padlock in the status bar of their browser (if they have their status bar turned on).
    This is not the way to handle things.
    Browsers need to be a little more forthcoming with cues indicating that a web response is unauthenticated and unencrypted, and more importantly, when SSL or TLS *is* used, it should be VERY CLEAR to the user who exactly they're communicating with, based on real-world identity in the certificate, not just some vague, fuzzy relationship implied by a DNS domain name.
    Similarly, every official piece of correspondence sent by a company should be digitally signed. E-mail clients should place more importance on pointing out messages that LACK a digital signature, not on those that HAVE one.
    We often blame users for not paying attention to Internet transactions that are unauthenticated and unencrypted, but I place some fault on the part of the application developers for not pushing to make these concepts defaults instead of exceptions, as well as the certificate authorities for charging exorbitant fees for something so trivial to create.


  3. Bob, 29 Jul 2004 @ 1:35pm

    Re: All the more confusing...

    If the customer service rep couldn't tell you about the e-mail, it would have to be spam. There is no way you could communicate to all cust service reps each time spam in your company's name goes out. I'm sure most credit card companies would tell their CSR's when a legitimate e-mail is going out so that the CSR's can clarify any questions that customers may have about it.


  4. Anonymous Coward, 30 Jul 2004 @ 8:39am

    Re: All the more confusing...

    Bob,

    ASSUME NOTHING !

    My employer, a MAJOR banking institution COMPLETELY rearranged their website & neglected to tell anyone, & I mean ANYONE in the Customer Service Department. Just rolled it out untested.
    I'll spare you the ensuing nightmares this has caused for our customers.

    Furthermore, CSR's are not told when mailings or emails go out. We often have no clue about what people are reading to us and we are forced to learn AFTER the fact what these poor customers are trying to tell us. Hell, the office that shoots out the mailings isn't even located in the same state as those of us that handle the calls !

    I feel very sorry for the people that invest with my employer & would never myself allow this company to handle a dime of my retirement.

    On a side note, treat the CSR's kindly & I can assure you that you have a much better chance of getting assistance because we ARE trained to get you off the phone asap. Most of us will gladly "go the extra mile" to help you if you treat us with a shred of decency.

    I TRULY wish our upper management would get their shit together so we could give our customers the BEST service possible when they call us. Sadly, some overpaid head honcho who doesn't deal with the investors on a one to one basis makes these decisions without even considering the consequences.


  5. Guy, 13 Oct 2006 @ 9:54am

    Re: Need to promote digital signatures and SSL/TLS

    Well, I'd like it to be known that since setting up my G-Mail account last year I've received four 'phishing' e-mails claiming to be from various services, most recently Bank of America. In all four incidents, the G-mail webclient has pointed out in bright red letters that "This e-mail may not be from a legitimate sender" and automatically categorized them as spam.


