Phish Scams Fooling 28% of Users
Etaipo writes "Anti-spam firm MailFrontier Inc has done some testing with consumers to see if they could differentiate between legitimate e-mails and phish scams. The results, to me, were pretty shocking.
The company also has provided a similar test on its web site. Get an answer wrong, and we revoke your geek license on the spot."
script kiddies in the media! (Score:5, Funny)
I guess after all those tours and all those basically unsuccessful albums they are in need of people's credit cards in order to support their own solo touring and promotion.
All kidding aside, I am genuinely disgusting that the authors of these articles did not call this sort of scam by a legitimate title such as "fishing" or "credit card scamming" or "you are a fucking moron for falling for the give me your Credit Card Number in an email" like it has been in the past. I wasn't aware that "scr1p+ K1dd13 sp34k" had crossed into "real journalism". I can see it now... Parents banning their children from listening to Phish because FoxNews told them that they could have their credit cards stolen.
-1 Troll for the authors of these articles.
Re:script kiddies in the media! (Score:5, Insightful)
disgusted. you are disgusted. i make this mistake all the time :/
agree about the leet speak.
i came very very close the other day to falling for a fake eBay "your account has been hacked, verify your account details" type scam. it was brilliant, no typos, perfect grammar, good layout, and most of all: i was tired when i got it. felt like a right plonker for even believing it for a second. now i have a lot more sympathy for people who fall for these things. thank god i did check the url.
This is why... (Score:5, Insightful)
...I won't use an email client that renders HTML. Or at least, won't let me turn that off.
When I get these mails, 95% of the time I delete them unread; no legitimate business should ever need me to "confirm my information". Every so often I look at one, and since I only see the raw HTML, it's easy to see that the images and whatnot are all being pulled from the real company site, except for the "login" link which goes to some mysterious dotted quad address.
(Side note to companies: stop letting outsiders pull images off your server; only let your own pages refer to them. It's an Apache FAQ, fer cryin' out loud.)
Every so often a friend will send me HTML mail, but I can cope. :-)
Re:This is why... (Score:4, Insightful)
Re:This is why... (Score:3, Insightful)
I'm stupid. Nevermind.
Re:This is why... (Score:3, Funny)
Re:This is why... (Score:5, Insightful)
There is a meaning to this word confirm.
If they list the information they wish to confirm, it might be legitimate.
If they list no information that is to be confirmed, it's a scam.
There is a problem if several pieces of information with one of them wrong.
"your account has been hacked, verify your account details"
Which account has been hacked?
You know the account has been hacked.
You know the account is mine.
You will not tell me which account, how you know it is hacked, and how you know it is mine.
It's not the misspellings, bad grammar, etc. There's something missing that any legitimate message of that sort would have. Essentially it's insider information pertinent to why this comes from you to me.
Re:script kiddies in the media! (Score:4, Funny)
I am genuinely disgusting.."
disgusted. you are disgusted.
What do you know, maybe he is the goatse guy, in which case I think we can all agree his statement is perfectly correct.
Re:script kiddies in the media! (Score:5, Interesting)
Phishing also has the connotation of hoodwinking users, getting passwords, whatever, not just credit card info.
The correct term... (Score:5, Informative)
The average non-techie wouldn't know what a "Phish" scam was if it was sitting on their face, any more than they would know what a phreak was or why hacker, cracker, and coder all mean very different things.
I agree with GGParent. This crap should never have made it into the media. They're only going to be screwing it up.
I've seen "phishing" used on the evening news... (Score:4, Insightful)
This isn't new.
Re:script kiddies in the media! (Score:5, Funny)
Re:script kiddies in the media! (Score:4, Funny)
80% right, 100% ugly colour scheme. (Score:3, Insightful)
I answered 2 incorrectly as Fraud to get an 80% score so I lose 2 geek points but gain them back for erring on the side of caution. Actually I never bother with HTML mail and just skip it. That hasn't bit my butt yet.
IT's colour schemes are giving me a seizure...
Re:80% right, 100% ugly colour scheme. (Score:5, Funny)
Re:80% right, 100% ugly colour scheme. (Score:4, Insightful)
Besides, you are right about HTML mail. If I subscribe to e-mail notifications from websites, I always choose plain text e-mails. If I do get HTML mail, I look at its headers first (without opening content and certainly not loading any images) - most of it is spam/fraud/whatever. So, maybe there should have been a way to display headers in the test.
Re:80% right, 100% ugly colour scheme. (Score:3, Informative)
I almost never open HTML e-mail, but if you do, you also have to be aware that even if you hover over a link and check the status bar for a location, that may not show the actual destination once it's clicked.
You can always use the onmouseover and onmouseout events in javascript to change the status bar text to override the default beh
Re:80% right, 100% ugly colour scheme. (Score:5, Insightful)
I answered one incorrectly as fraud (the MSN one), and the rest perfect. But I was surprised I actually scored so highly as the test removed all the methods I use to spot fakes:
1) I couldn't see where the links were pointing as they had been removed.
2) I couldn't see the email headers.
3) I had no idea if any personal information (at the most basic level, name) was correct or not. Though I would err slightly on the side of counting any email that has personal details in it as legit, it is obviously fraud if it carries somebody else's name.
4) Am I supposed to be actually subscribed to any of these services or not? If I get something from citibank like that in my inbox, I'm going to mark it as fraud as I have absolutely nothing to do with them. (This is my excuse for the hotmail/MSN one!)
It's very possible most people don't check the first two at all, in which case I have slightly more sympathy with them seeing how confusing it can be now.
Maybe an added layer of security could be to go to the site in question and log in from there manually to check everything?
Re: 100% Bad 'test' (Score:4, Insightful)
It encourages people to base decisions based on *hunches*, which is utterly retarded. You could take a genuine email and alter the URL and you'd never know you'd been duped if you went by the examples in this test - you'd just think it looked real, click on the URL, login and end up being scammed.
This 'test' is utterly worthless as a result. You *can't* tell just by looking at the surface content of an HTML rendered email. If you can't look at the email headers or the URLs you have no way of knowing all of them aren't spoofed.
Re: 100% Bad 'test' (Score:5, Insightful)
It's kind of like April Fool's Day. Play a prank on somebody on April Fool's Day, when they're expecting it, and they might not fall for it, because they're on the lookout. On any other day, the same prank might succeed easily, because the victim is caught off guard.
Re: 100% Bad 'test' (Score:3, Insightful)
The reason is that there's one way you can tell: ALL the frauds had text saying "click this link" The two legitimate ones other than #9 told you to sign in, but didn't provide a link. (although they did provide other hyperlinks -- just not to the login page)
#9 fooled me because it had a link to click.
Re: 100% Bad 'test' (Score:4, Insightful)
Re:No shit, the color scheme's butt-ugly (Score:2, Funny)
pretty soon we'll have "geocities.slashdot.org" with animated GIFs of flaming skulls and crappy embedded MIDI files...
Fear...
Re:80% right, 100% ugly colour scheme. (Score:3, Informative)
http://www.earthlink.net@curvet.co.kr/curvetdb/
Seems pretty clearly not a legitimate link, and therefore fraud, to me.
I got a 3 (Score:5, Funny)
Re:I got a 3 (Score:3, Funny)
Re:I got a 3 (Score:4, Informative)
Re:I got a 3 (Score:5, Funny)
Or, alternatively, you can email me your name as it appears on the credit card, your card number, and expiration date and I will remove your card information from their system.
Re:I got a 3 (Score:5, Interesting)
Re:I got a 3 (Score:3, Informative)
though, I never follow the links, I do browse to the site just in case.
I was a little angry at paypal for doing this because of the fact that legitimate companies DO send emails with links, the average joe or jane lets down their defences to actual phish emails.
This sucks for me because my girlfriend and family are non-geek persons and I have to explain to them to never NEVER follow links fr
Re:I got a 3 (Score:5, Insightful)
The only example that really made me think was the MSN account expiring message. At first I thought that had to be a fake because what's the point of sending you an email telling you that you need to log into your email to save your account? Then I realized it was actually an ad for a related pay MSN service and immediately knew that it was real.
Re:I got a 3 (Score:4, Insightful)
I've recently been getting some spam that has my name and some address info in the subject line. It's obviously spam, and someone trying to rip me off. I've also been getting a lot more 419 spam, and that usually has my name (although they always refer to me by my last name *sigh*). But I just wanted to point out that we all probably have a lot of info about us out there ready to be used against us. As you say, it's a good "first pass" test, but nothing more than that.
This is an excellent quiz. (Score:5, Interesting)
Re:This is an excellent quiz. (Score:5, Insightful)
Re:This is an excellent quiz. (Score:3, Insightful)
I usually am suspicious but I check where the link takes me. This test wouldn't let me check this, so I assumed that the links pointed to where they said to (www.paypal.com/whatever/ points to www.paypal.com/whatever/)
I think that makes the test inaccurate. if I click a link, it should show me the real target (even if they do a fake replic
Re:This is an excellent quiz. (Score:5, Informative)
Re:This is an excellent quiz. (Score:5, Informative)
This test is bogus (Score:3, Insightful)
Re:This test is bogus (Score:5, Insightful)
No, you just have to recognize the proper set of conditions. If an E-mail already contains correct and verifiable information about your account, or if it does not ask for any account information in the first place, it's probably legit. Otherwise, it's probably a fraud. My non-geek wife and I both took the test and scored 10 / 10.
Re:This test is bogus (Score:5, Insightful)
No, you just have to recognize the proper set of conditions. If an E-mail already contains correct and verifiable information about your account, or if it does not ask for any account information in the first place, it's probably legit. Otherwise, it's probably a fraud. My non-geek wife and I both took the test and scored 10 / 10.
Congratulations. However, by ALLOWING YOUR FINANCIAL INSTITUTION to send you correct and verifiable information over email, and since email is sent unencrypted, they have, in effect, published your information to the web at large. I would consider this a CONTRIBUTION TO FRAUD, and therefore equivalent to fraud, in my book. If I were to get that kind of information from a bona-fide financial institution I'm associated with, I will immediately contact them and treat it like an actual fraud-- change my account, etc.
This site is bogus because it is giving you a false sense of security...
Catching them on the subtleties (Score:5, Insightful)
Some of these fraud mails looked really legit and were mainly given away by the fact that their URLs went to something like fraudprevent-visa.com instead of fraudprevent.visa.com. fraudprevent-visa.com is a domain name that may or may not be affiliated with Visa, while fraudprevent.visa.com is a subdomain of Visa.com, meaning it's not 100% safe, but much more likely to be legit.
But asking people to know this difference is asking a bit much of them. What might be interesting would be a "Phisher Identifier" built into mail clients that could identify bogus or unauthorized URLs based on a very carefully maintained database of legitimate URLs.
Seems that a plug-in could be written for Outlook, Eudora, etc.
- Greg
Re:Catching them on the subtleties (Score:3, Informative)
Re:Catching them on the subtleties (Score:3, Informative)
Of course there would be numerous roadblocks to implementing this sort of thing, not the least of which being HTML rendering quirks in Outlook, Eudora, etc. that would have to be thoroughly accounted for.
I'll stick to doing things by hand (I didn't miss any, like most
Re:Catching them on the subtleties (Score:3, Interesting)
Heh, the other day I got an email from EA concerning my Ultima Online account, asking me to provide some account details. The URL in the mail pointed to some weird domain I had never heard of, not ea.com or uo.com. Turned out, the email was completely legit... the URL was for some subcontractor or affiliate of UO. Boy did they regret that, they must hav
Re:Catching them on the subtleties (Score:5, Informative)
This one just tells you to log into the MSN site; it doesn't provide a bogus link or anything.
2nd email: This one does provide a link, plus for some reason the URL args flag my personal danger heuristics. The jagged "do this or else" tone of the email also doesn't seem like it originates from a company that relies on its customers.
3rd email: It doesn't seem that eBay would hire a third party to create an ID system that the users would have to shell out money for. That mixed with the external link gives it away.
4th email: I personally hope a bank doesn't deal with security issues by relying on internet communication, but it doesn't sound right for a bank to contact a hacked account victim through email. Plus the 4 appended to the www part of the URL makes it seem that it could possibly be a false URL.
5th email: This email does not provide an external link; it tells you to go to PayPal. It also helps that the email also says to always type in the URL manually.
6th email: Again with the threatening tone, but more clearly does this yell fraud when at the bottom of the email there is a blurb that says "This is a promotional message from EarthLink". Definite cut and paste job.
7th email: see 3rd email
8th email: threatening tone..., external URL
9th email: It helps that I've seen emails like this, but in this email you are not asked to provide any data, except for the tracking number in the URL, which they provided.
And lastly, the 10th email: A button! A button can be used to hide the URL from the casual user, and looking at the HTML shows that it goes to www.service-visa.net, which doesn't seem right for a COMmercial enterprise to have.
./ing (Score:2)
Re:./ing (Score:3, Funny)
I call BS on that "test" (Score:4, Insightful)
Any nerd worth his salt knows to first check the headers of the e-mail and Lookup the IP [dnsstuff.com] to see where the mail really came from, and/or view the source of the HTML and identify obfuscated URL redirects. Then again, any IT guy who is using HTML-enabled e-mail should have his geek license revoked in the first place.
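The header check this poster describes (find the relay the mail really came from, not the one the From: line claims) can be automated, with one caveat the thread only hints at: Received: headers are only believable when one of your own relays added them, because the sender can prepend forged ones. The Python below is an added example for this thread, not code from any poster, MailFrontier or dnsstuff; the message, the trusted-relay set and the sender allowlist are all constructed stand-ins, and no DNS lookup is performed so it runs offline.

```python
"""Find the originating relay of an e-mail from its Received: headers and
compare it with where mail for the claimed From: domain should come from.
Added example for this thread; the data below is constructed."""
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr
from typing import Optional

# Constructed: hosts that belong to our own mail infrastructure.  A Received:
# header is only believable if one of these added it ("by <host>").
TRUSTED_RELAYS = {"mail.example-isp.net", "mx.example-isp.net"}

# Constructed allowlist: netblocks mail claiming these From: domains should
# enter our system from.  In practice this would be fed from SPF data or a
# maintained list, not hard-coded.
KNOWN_SENDERS = {"examplebank.com": ["192.0.2.0/24"]}

# Constructed sample message.  Newest Received: header is on top.  The bottom
# one was NOT added by us: it is a forged hop that claims the mail left an
# "examplebank.com" host inside the allowed netblock.
RAW_MESSAGE = b"""\
Received: from mx.example-isp.net (mx.example-isp.net [198.51.100.7])
\tby mail.example-isp.net with ESMTP id abc123; Mon, 1 Mar 2004 10:00:00 -0500
Received: from smtp.examplebank.com (unknown [203.0.113.45])
\tby mx.example-isp.net with SMTP id def456; Mon, 1 Mar 2004 09:59:58 -0500
Received: from mailhost.examplebank.com (mailhost.examplebank.com [192.0.2.10])
\tby smtp.examplebank.com with ESMTP id forged; Mon, 1 Mar 2004 09:59:00 -0500
From: "Example Bank Security" <security@examplebank.com>
To: customer@example-isp.net
Subject: Verify your account

Click here to verify.
"""

_BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def originating_ip(msg) -> Optional[str]:
    """Walk Received: headers newest-first and return the connecting IP from
    the last header that one of our trusted relays added.  Everything below
    that could have been written by the sender, so it is ignored."""
    origin = None
    for hdr in msg.get_all("Received", []):
        by = _BY_RE.search(hdr)
        ip = _IP_RE.search(hdr)
        if not by or by.group(1).lower() not in TRUSTED_RELAYS:
            break  # first untrusted hop: stop believing the chain
        if ip:
            origin = ip.group(1)
    return origin


def naive_bottom_ip(raw: bytes) -> Optional[str]:
    """The tempting shortcut: take the IP from the bottom-most Received:
    header.  Shown only to demonstrate how a forged hop defeats it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    headers = msg.get_all("Received", [])
    if not headers:
        return None
    ip = _IP_RE.search(headers[-1])
    return ip.group(1) if ip else None


def sender_domain(msg) -> str:
    """Domain part of the From: address, lower-cased."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def check_message(raw: bytes) -> dict:
    """Compare the real originating relay with the allowlist for the claimed
    From: domain.  A mismatch is a strong phishing indicator."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    domain = sender_domain(msg)
    ip = originating_ip(msg)
    allowed = [ipaddress.ip_network(n) for n in KNOWN_SENDERS.get(domain, [])]
    origin_ok = ip is not None and any(
        ipaddress.ip_address(ip) in net for net in allowed
    )
    return {"from_domain": domain, "origin_ip": ip,
            "origin_matches_sender": origin_ok}


if __name__ == "__main__":
    print("naive bottom header says:", naive_bottom_ip(RAW_MESSAGE))
    print("trusted-relay walk says:  ", check_message(RAW_MESSAGE))
```

On the constructed message the naive bottom-header shortcut reports 192.0.2.10, which sits inside the bank's allowed netblock, so the forgery would pass; walking only the hops our own relays recorded gives 203.0.113.45, which does not, and the message is flagged.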
Re:I call BS on that "test" (Score:5, Funny)
any "nerd" would run his own DNS server and wouldn't need web-based turd like. Poser.
Re:I call BS on that "test" (Score:2)
FYI, I run my own DNS of course. But I use IPWHOIS from Dnsstuff. It's a nice, fast service and it's faster than doing it from the shell, and it has nice links so I can e-mail admins or drill-down to see who's in charge of IP blocks.
Re:I call BS on that "test" (Score:2, Insightful)
Maybe you don't live in the real world, but in my company we deal with clients that send HTML emails when plaintext would do, we send HTML (or even Flash) newsletters for clients, and we have a 1-5 geek ratio. So checking headers, looking up the IP originator, or viewing the source isn't an option for the four of us that aren't geeks.
Since I'm one of the geeks, I do my best to educate and inform my colleagues. But I can't do that for everyone - my wife's grandparents will probably fall
I call BS too, but for 2 different reasons (Score:3, Insightful)
1) Does it make sense that I would get this? If I don't use US Bank, for instance, it's obvious it's fraud. But for the sake of the test, I think they assume you're involved with those companies, and that's okay.
2) More importantly, they don't let you check where the links are going to. If I rollover "www.paypal.com" and in
Re:I call BS on that "test" (Score:3, Interesting)
lynx -dump filename.html
It's scary how many people fall for this stuff. (Score:5, Insightful)
When it's that easy, you can't even call it social engineering. It's just social nudging, and people are ready to fall for it.
Re:It's scary how many people fall for this stuff. (Score:3, Funny)
Click here to install a virus on your computer. [microsoft.com]
Still Waiting! (Score:3, Funny)
Entirely Factual? (Score:2)
I got 3 correct (Score:2)
What's wrong with Phish emails? (Score:2, Funny)
-phozz
Heh. (Score:2)
Flip back to and refresh /. to see that almost a third of email users don't have the third of a clue it would take to recognize this crap for what it is. "We has noticed a high level of suspishous attemtpts to access your account and brute force your PIN..."? Um. Okay.
Invalid test (Score:2)
Breaking News: (Score:5, Funny)
Pictures at eleven.
Re:pre-emptive grammar-nazi (Score:5, Funny)
Normally I'd suggest that you should check the spelling in a dictionary first; but did you know that "gullible" isn't in the dictionary?
Five minutes to figure it out. (Score:5, Informative)
My parents got an e-mail stating that we were charged $3000 for a new Dell laptop. Never mind that we all use Macs.
So I check out the site... Looks professional, seems legit, but it asks for a bank account and social number on a non-secure connection... Phishy?
I checked out the root domain of the given address and ran a search to see to whom the site was registered. Definitely not a real company, an individual, and the root domain didn't exist as an accessible webpage. Not the kind of thing that is very professional. I bounced the e-mail back and dismissed it. Our credit bill the next month didn't have a Dell laptop on it. What do you know?
All it takes is some common sense to get out of these things, but perhaps real companies should start adopting S/MIME or PGP to ensure their identities to make it more apparent to a layperson.
Of course, a false company could just as easily hide behind these "foolproof" authentication mechanisms.
Unfair test (Score:5, Informative)
In this test *ALL* links pop up to a "for the purposes of this test, this link has been suspended". This makes the whole thing useless.
Anybody can copy a legit paypal or eBay email and change a few words and make it "look" real. The key is in the links and the data mining.
Re:Unfair test (Score:3, Insightful)
Let the user login as usual, and he/she will be safer.
That logic gave me a 10/10 result on the test.
Re:Unfair test (Score:5, Informative)
Is this test not Firefox friendly? If not, why didn't the story say so? (don't a lot of people on
retarted test (Score:2)
10/10 anyway (Score:3, Informative)
Just viewed the source of the pages, easy enough to t
Well, revoke MailFrontier's geek license (Score:2)
It's phishING people. (Score:2)
Now plot this data vs. time (Score:4, Interesting)
hard? (Score:5, Informative)
At the very least, copy and paste the URL rather than click it, and study it for 3 seconds before going to the site to make sure it looks like the site you think you're going to.
Legitimate Emails (Score:2)
More proof that content-based filtering is useless (Score:2)
A simple check of the source IP of the mail relay is the most reliable method of identifying phishing scams. Many of us who primarily use RBLs to block spammers don't
Companies do not help. (Score:3, Insightful)
What caused me to think it was fraudulent? Well, the URLs in the email were going for something like sony.<somecompany>.com. The URL did not finish with "sony.com". The only way to figure out if an email is phoney or not is to check the URLs (assuming your browser does not have the famous URL bug which shows you a legit URL but once clicked, sends you to another site while still showing the legit URL in the URL bar), but when companies use 3rd parties to email their users and provide services, they cause these confusions.
Talk to Verizon (Score:5, Interesting)
I thought it was a scam, but left it in my inbox. Two weeks later my service was shut off. Apparently the message was legit.
After I got the problem straightened out, I sent them a very nasty, yet informative, e-mail and they agreed that they will review their e-mail policies and apologized for sending such a message to begin with.
Re:Talk to Verizon (Score:4, Interesting)
They're not the only company to have this problem. I signed up for email from Palm, but never clicked on the links because they were always in the form of "palm.somemarketingcompany.com/offer/etc".
I finally went to the Palm site's Contact Us link and sent a note. To my surprise, they replied quickly and said the same thing -- they're re-evaluating their email procedures.
Happy ending: about a month later, the URLs all pointed to a clearly Palm-owned domain, and I'm considering replacing my over-the-hill Palm III with a refurbished low-end Zire (underpowered, but cheaper than eBay).
nice link! (Score:5, Funny)
These bastards will stoop to anything! (Score:2, Funny)
Mirror of test examples (Score:4, Informative)
http://www.littlecutie.net/temp/slashdot/ [littlecutie.net]
Only one I got wrong... (Score:2)
So I got 9/10 because MS is an even bigger bunch of assholes than I'd have thought. Wow.
Sweet! (Score:2, Funny)
I guess they are getting better (Score:2)
Here's one [amon-hen.com] I got a while back. I wasn't quite taken in by it.
I took it earlier today from the msn link... (Score:2)
The big kicker? When I hit "Score" it wiped my answers and started me over. I wanted to see the results and did not want to retake the thing because it took so long so I marked the first one as ok and the rest as false because I was in a hurry and pissed at this point.
I got an 80% score as a result, and then I wondered if anyone else had the same problem and if it sk
No foolin' a slashdotting... (Score:2)
i did an in-depth on one of these i got awhile ago (Score:3, Informative)
Anatomy of an embryonic identity-theft-by-email [kuro5hin.org]
9 out of 10 right, but that doesn't mean... (Score:3, Insightful)
If I get any message that smells remotely like phish (i.e. any email that tells me to do something with my account), I go to my browser, and visit the site by manually entering the name of the website. If it then turns out to be a bogus email, I send a copy to the admins of the site, so they can track the insensitive clods down, and do whatever it is they do with them.
The IQ test would be a lot easier with access to full mail headers, too...
The solution is at hand (Score:3, Funny)
PS we have found that sending us naked pictures of your wives/girlfriends increases the accuracy and efficiency of our blocking engines so for the highest quality of service include a few piccies.
My girlfriend got an email last month... (Score:3, Interesting)
That was the coolest hotel [renaissancehollywood.com] I've ever stayed in. The show sucked, but the view from the room [24.211.224.125] almost made up for it.
Re:My girlfriend got an email last month... (Score:3, Interesting)
Free trip to Redmond, tour of the new Experience Music Project, *three* Pocket PCs and a bunch of other swag... and they actually listened to what a bunch of Palm fans with a general bias against Microsoft thought and significantly improved Pocket PC 2002 as a result.
(am I using a Pocket PC now? N
Haha, this is just too fucking funny: it needs IE (Score:4, Informative)
So is it taking advantage of an IE security bug, or what? (For the record, I just checked it with Firefox and it does the same thing, so this is not just Opera being a piece of crap.)
(I'll probably get modded down, and deserve it too, but I'm too amused at the moment to care.)
Broken in Mozilla (Score:3, Interesting)
Some bad examples (Score:3, Insightful)
In fact, I've seen a version very similar to the credit card expiration link that warns about typing in the URL but then goes ahead and provides a clickable link anyway. When you look at the code, the link actually goes to a completely different URL than what is displayed, using the old trickery of "http://paypal.com@12356789/cgi-bin/trickedyou.cg
For those not familiar with the trick, "paypal.com" in the above url is the login name the web browser is instructed to provide to the web server while 12356789 is the decimal representation of the web server IP address.
Only the shipping notice fails to smell fraudulent. Even that could be rigged if you wanted to, by having the tracking link require you to "open a free UPS tracking account."
Of course, if they'd provided the entire emails instead of just the html representation, any techie could have sorted it out. But not the mere mortals.
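The link tricks this thread keeps coming back to all come down to what the browser will actually connect to: the http://www.earthlink.net@curvet.co.kr/ link a few posts up, the fraudprevent-visa.com versus fraudprevent.visa.com distinction in "Catching them on the subtleties" (and the "Phisher Identifier" plug-in idea there), and the paypal.com@12356789 decimal-IP trick explained just above. The Python below is an added example for this thread, not code from MailFrontier or any poster: it parses a URL the way the browser does, reports the userinfo and decimal-IP tricks, and checks whether the registrable domain is the brand's. The tiny public-suffix table and the sample URLs are constructed stand-ins; real code would use the full Public Suffix List.

```python
"""Defender-side URL triage for the link tricks discussed in the thread.
Added example; the suffix table and sample URLs are constructed."""
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List so that
# curvet.co.kr is treated as the registrable domain rather than co.kr.
_MULTI_LABEL_SUFFIXES = {"co.kr", "co.uk", "com.au", "co.jp"}


def decimal_to_dotted(value: int) -> str:
    """Render an integer IPv4 address (e.g. 12356789) as a dotted quad."""
    return str(ipaddress.IPv4Address(value))


def registrable_domain(host: str) -> str:
    """The part of the host name a registrant actually controls.
    fraudprevent.visa.com -> visa.com, but fraudprevent-visa.com stays as is."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in _MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def analyze_url(url: str, expected_domain: str) -> dict:
    """Report why a link is (not) where it claims to be, given the brand's
    real registrable domain (e.g. "paypal.com")."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # already lower-cased, userinfo stripped
    findings = []

    # Trick 1: "http://paypal.com@<real host>/" -- the text before '@' is a
    # user name sent to the real host, not the destination.
    if parts.username is not None:
        findings.append(
            f"userinfo '{parts.username}' precedes the real host '{host}'")

    # Trick 2: the real host written as a single decimal number.
    if host.isdigit() and int(host) < 2 ** 32:
        host = decimal_to_dotted(int(host))
        findings.append(f"host is a decimal IP address: {host}")

    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False

    if is_ip:
        findings.append("host is a bare IP address, not a brand domain")
        owner = host
    else:
        # Trick 3: lookalike registrable domain (hyphen, extra TLD, etc.)
        owner = registrable_domain(host)
        if owner != expected_domain.lower():
            findings.append(
                f"registrable domain '{owner}' is not '{expected_domain}'")

    return {"host": host, "registrable_domain": owner,
            "suspicious": bool(findings), "findings": findings}


# Constructed samples: the thread's examples plus a legitimate subdomain.
SAMPLES = [
    ("http://www.earthlink.net@curvet.co.kr/curvetdb/", "earthlink.net"),
    ("http://paypal.com@12356789/cgi-bin/trickedyou.cgi", "paypal.com"),
    ("https://fraudprevent-visa.com/verify", "visa.com"),
    ("https://fraudprevent.visa.com/verify", "visa.com"),
]

if __name__ == "__main__":
    for url, brand in SAMPLES:
        result = analyze_url(url, brand)
        verdict = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{verdict:10} {url}")
        for f in result["findings"]:
            print("           -", f)
```

Note the limits the thread itself points out: this only inspects the URL text, so it cannot see a status-bar override or a browser bug that displays one address and visits another, and a legitimate mailing that goes through a third-party domain (the Palm and Verizon stories below) will be flagged just like a fraud, which is the argument for companies keeping their links on their own domain.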
This test does not reflect a real life situation.. (Score:3, Interesting)
All the fraud-mails I get refer to illegitimate websites or servers in China or Russia.
Another way to check the validity of the mail is to check the mail headers and see if they are correct.
But still I scored 70%.
The funny thing is I would have scored 100% if this was for real. Why? I don't do PayPal, Visa, Earthlink and so on.
And GENERAL MOBUTU is not my African friend, so I'm not falling for his sweet talk either...
What a stupid test (Score:3, Insightful)
The morons who run the test changed them all to point to their own site; so every one of them is clearly fake.
Relying on any other content in the email is just stupid; the phishers will just improve their spelling and wording until it starts fooling enough people again.
good way to tell (Score:3, Informative)
Re:Sadly, most of those fooled are lower class (Score:2, Insightful)
Re:Sadly, most of those fooled are lower class (Score:4, Interesting)
Re:Email #6 is Fraud??? (Score:3, Informative)