Comments on: The secret of phishers' success

Scams are sophisticated enough to trap many consumers despite widespread public warnings, a study finds.

[CrackedCracklinLover]

Secrets of Phishers' Success`

At 57, I got my first computer 7 months ago. Long before that, I read and heard many stories about Phishing, and they all said "Banks do not do this by Email". Two weeks after getting my computer I received my first 2 Phishes'. One claiming to be from my bank, and one claiming to be from Pay Pal. I remembered what I read and heard and deleted the Emails. Why do they respond to these Emails? Simple, for the same reason people will open anything that says "Do Not Open".s They just have to know,"Why Not, What are they trying to deprive me of"? Isn't that why Pandora opened the box.

[thanhvn]

Being wary is not good enough ...

... being able to tell the difference between a legitimate and a phishing email/site is much more important. Deleting suspected emails (even though not 100% sure they are phishings) is easy enough. But what if some of them are legitimate and there is a genuine need to separate them from the rest? It's like the fear of getting ripped off by auto mechanics. Just avoiding them all together is probably not a good idea. There is a real need for secured online transactions. Just as the only sure way to avoid getting ripped off by auto mechanics is to recognize bogus recommendations, the only way to avoid phishing is recognize the phishs from the legitimate. I know, not everyone has the time or the patience to learn a whole new area of expertise, especially older folks, but that's the price of evolution, of living in an increasingly sophisticated world. Well, everyone has to start somewhere. For me, the biggest payback with just a small amount of effort is to learn the Internet domain system. This will tell you at a glance, in most cases, whether an email is phish or not. The next thing to learn is: (due to visual spoofing) unless you absolutely trust the link, _always_ type the address into the browser instead of clicking on a link. These two things will drastically reduce the chance of falling victim to a phishing scam.

[YankeeZ]

The secret of phishers' success

I have been working with Internet access longer than I care to recall. In a recent test of 10 sample e-mails, I called all 10 phony, when actually 8 out of 10 were phishing attacks. I doubt a financial institution could send me an e-mail now without there being a good change it would be routinely deleted as another spoof. The bogus e-mail has eroded the credibility of legitimate e-mail. As people continue to be taken in by phishing attacks, it only perpetuates the problem, as the scammers are continually rewarded for their efforts.

[RolandWad]

Why phishing works

Tell 1,000 people that the moon is made of cheese and someone will believe you. This is why phishing works. Send 100,000 emails and you've got 100 people's bank details and you can clean them out. That's a nice profit for a day's work.

I really don't understand why people have problems telling real from fake emails. You just need to ask one question:

Does this email ask me to click a link and type in my details?

* Yes - it's a scam
* No - it's real

Your bank has your details and it won't ask you to click a link and type them in. It doesn't forget what they are, it doesn't have technical problems, and security upgrades don't go wrong.

If someone knocked on your door and said "I'm from the bank. Please tell me your bank account details and credit card number." Would you tell them? I suspect some people would though - presumably those that think the moon is made of cheese.

[RolandWad]

US academics wrong

Just read the paper by these US academics and they've got it all wrong. What they did was created 20 fake websites and asked people if they could tell they were real or fake. Now that's hard and you don't need to educate people to be able to detect fake websites, you just need to stop them going there in the first place. Don't these acedemics realise that most phishing starts off with an email? If people can spot fake emails, they won't ever get to the website, so they don't need to know how to spot fakes. There's a simple solution:

Don't click links in emails!

You'll never get caught out by phishing. It requires no skills and no knowledge.

[howiem]

It's the email

Agree with your comments. But I'm afraid that we will never get people to stop clicking links. Therefore, until there is some technology that can block phishing emails before they ever reach a user, it will be better to eliminate clickable links in emails from banking and other financial institutions. One of my banks is already doing this. This may sound like an impossible solution, but consider this:
The only people who can get phished are those doing online financial transactions. Those are people who have a login and password. These customers also have an email address known to the bank, and therefore can be contacted by their bank. The banks should start an educational campaign for its online customers on how to bookmark the proper bank URL, and the banks must use plain text email with no links to do this. No click, no phish. This is not the cure-all, but if you get bombarded by plain text email from the bank telling you how to access their web sites, and are also told never to click on links in an email from any bank, because a legitimate bank will not send email with links, we won't have to worry about spoofed web sites.