Phishing Scams Amazingly Effective
from the no-wonder-you-get-so-many... dept
An anti-spam company showed a bunch of emails to people to see if they could spot the phishing scam emails from the legitimate emails and discovered that an awful lot of people are easily fooled. 28% of the time, people thought scam emails were legit. No wonder they're so popular these days. The study also turned up that there are problems with false negatives as well. A large number of perfectly legitimate emails are now being dismissed as fraudulent by users who are too weary of phishing scams. This, obviously, can be quite troublesome for companies who need a legitimate way to contact their customers. The answer seems pretty simple: don't put URLs in emails any more. If you need someone to check their account, tell them to go to your webpage and login, and have a clear splash page that details the issue. Then, convince people not to click on emails in these messages.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
All the more confusing...
[ link to this | view in thread ]
Need to promote digital signatures and SSL/TLS
This is not the way to handle things.
Browsers need to be a little more forthcoming with cues indicating that a web response is unauthenticated and unencrypted, and more importantly, when SSL or TLS *is* used, it should be VERY CLEAR to the user who exactly they're communicating with, based on real-world identity in the certificate, not just some vague, fuzzy relationship implied by a DNS domain name.
Similarly, every official piece of correspondence sent by a company should be digitally signed. E-mail clients should place more importance on pointing out messages that LACK a digital signature, not on those that HAVE one.
We often blame users for not paying attention to Internet transactions that are unauthenticated and unencrypted, but I place some fault on the part of the application developers for not pushing to make these concepts defaults instead of exceptions, as well as the certificate authorities for charging exorbitant fees for something so trivial to create.
[ link to this | view in thread ]
Re: All the more confusing...
[ link to this | view in thread ]
Re: All the more confusing...
ASSUME NOTHING !
My employer, a MAJOR banking institution COMPLETELY rearranged their website & neglected to tell anyone, & I mean ANYONE in the Customer Service Department. Just rolled it out untested.
I'll spare you the ensuing nightmares this has caused for our customers.
Furthermore, CSR's are not told when mailings or emails go out. We often have no clue about what people are reading to us and we are forced to learn AFTER the fact what these poor customers are trying to tell us. Hell, the office that shoots out the mailings isn't even located in the same state as those of us that handle the calls !
I feel very sorry for the people that invest with my employer & would never myself allow this company to handle a dime of my retirement.
On a side note, treat the CSR's kindly & I can assure you that you have a much better chance of getting assistance because we ARE trained to get you off the phone asap. Most of us will gladly " go the extra mile " to help you if you treat us with a shred of decency.
I TRULEY wish our upper management would get their shit together so we could give our customers the BEST service possible when they call us. Sadly, some over paid head honcho who doesn't deal with the investors on a one to one basis makes these decisions without even considering the consequences.
[ link to this | view in thread ]
Re: Need to promote digital signatures and SSL/TLS
[ link to this | view in thread ]