Phish Scams Fooling 28% of Users 618
Etaipo writes "Anti-spam firm MailFrontier Inc has done some testing with consumers to see if they could differentiate between legitimate e-mails and phish scams. The results, to me, were pretty shocking.
The company also has provided a similar test on its web site. Get an answer wrong, and we revoke your geek license on the spot."
This is an excellent quiz. (Score:5, Interesting)
Not my users (Score:0, Interesting)
Needless to say, this policy is entirely foolproof as a means of deterring so-called "phishing" in my workplace. I haven't heard any complaints, so I can only assume that the users enjoy my protecting of their identities.
Sincerely,
Seth Finklestein
Proud Systems Administrator
Now plot this data vs. time (Score:4, Interesting)
Re:I got a 3 (Score:5, Interesting)
Talk to Verizon (Score:5, Interesting)
I thought it was a scam, but left it in my inbox. Two weeks later my service was shutoff. Apparently the message was legit.
After I got the problem straightened out, I sent them a very nasty, yet informative, e-mail and they agreed that they will review their e-mail policies and apologized for sending such a message to begin with.
Re:script kiddies in the media! (Score:5, Interesting)
Phishing also has the connotation of hoodwinking users, getting passwords, whatever, not just credit card info.
My girlfriend got an email last month... (Score:3, Interesting)
That was the coolest hotel [renaissancehollywood.com] I've ever stayed in. The show sucked, but the view from the room [24.211.224.125] almost made up for it.
Re:Talk to Verizon (Score:4, Interesting)
They're not the only company to have this problem. I signed up for email from Palm, but never clicked on the links because they were always in the form of "palm.somemarketingcompany.com/offer/etc".
I finally went to the Palm site's Contact Us link and sent a note. To my surprise, they replied quickly and said the same thing -- they're re-evaluating their email procedures.
Happy ending: about a month later, the URLs all pointed to a clearly Palm-owned domain, and I'm considering replacing my over-the-hill Palm III with a refurbished low-end Zire (underpowered, but cheaper than eBay).
Email #6 is Fraud??? (Score:1, Interesting)
Re:Catching them on the subtleties (Score:3, Interesting)
Heh, the other day I got an email from EA concerning my Ultima Online account, asking me to provide some account details. The URL in the mail pointed to some weird domain I had never heard of, not ea.com or uo.com. Turned out, the email was completely legit... the URL was for some subcontratcor or affiliate of UO. Boy did they regret that, they must have gotten thousands of questions about that.
Re:I call BS on that "test" (Score:3, Interesting)
lynx -dump filename.html
Re:My girlfriend got an email last month... (Score:3, Interesting)
Free trip to Redmond, tour of the new Experience Music Project, *three* Pocket PCs and a bunch of other swag... and they actually listened to what a bunch of Palm fans with a general bias against Microsoft thought and significantly improved Pocket PC 2002 as a result.
(am I using a Pocket PC now? No, in fact I'm using an older Clie and have no idea where I'm going to go when it eventually fails... all the new models have that damned "Graffiti 2")
REGISTER.COM did (Score:1, Interesting)
They need a bonehead-of-the-year award for that little stunt.
Re:Sadly, most of those fooled are lower class (Score:4, Interesting)
Broken in Mozilla (Score:3, Interesting)
Perhaps a Mozilla plug in would help here? (Score:2, Interesting)
Mozilla plug in that traps HTML anchors, and if they don't match what they are linking to, shows a popup -
"Are you sure you want to click this link? Because it really points to here..."
It could even attach a danger level to the popup. e.g. a mouseover status bar change to another URL would be questionable, as would dodgy characters in the URL to cause problems (there was one with a % in it floating around a while ago). Maybe even a database of fraudulent websites? It would have to remember the false positives to prevent annoyance.
Just an idea. Somebody might have already done it. I wouldn't know where to start to write it, but if this was a software patent - it wouldn't matter.. snigger
This test does not reflect a real life situation.. (Score:3, Interesting)
All the fraud-mails I get refer to illegitimate websites or servers in China or Russia.
An other way to check the validity of the mail is to check the mailheaders and see is they are correct.
But still I scored 70%
The funny thing is I would have scored 100% is this was for real. Why? I don't do PayPal, Visa, Earthlink and so on
And GENERAL MOBUTU is not my african friend, so I'm not falling for his sweet talk either...
Bogus test (Score:1, Interesting)
In short : this test is BOGUS.