Forgot your password?
typodupeerror
Security Spam United Kingdom IT

420,000 Scam E-mails Sent Every Hour In UK Alone 71

Posted by CmdrTaco
from the stop-clicking-you-fools dept.
An anonymous reader writes "More than 420,000 scam e-mails are sent every hour in the UK, according to a report by CPP, which estimates that Brits were targeted by 3.7 billion phishing e-mails in the last 12 months alone. A quarter of us admit to falling victim to e-fraudsters, with the average victim losing over GBP285. Fake banking e-mails are the most common method used by criminals, with 55% of those targeted receiving seemingly legitimate e-correspondence from high street banks."
This discussion has been archived. No new comments can be posted.

420,000 Scam E-mails Sent Every Hour In UK Alone

Comments Filter:
  • by eldavojohn (898314) * <eldavojohn.gmail@com> on Wednesday June 16, 2010 @08:53AM (#32589510) Journal

    A quarter of us admit to falling victim to e-fraudsters ...

    Okay so the population of the UK is what? Sixty million? So a quarter of that would be fifteen million. Fifteen million victims.

    ... with the average victim losing over GBP285.

    Okay the details in the article are scant but I assume they are talking about the mean and not the median. If that's true then 285*(1.5*10^7) = over four billion quid? And that's about six billion USD.

    My gut reaction is to question this survey or whatever means they used to collect the above information. I can't find anything but this news article on their site [cpp.co.uk], anybody have a link to the original report so we can inspect their methods?

    • Re: (Score:3, Insightful)

      by nopainogain (1091795)
      I gotta wonder how many British internet/email users are kind of naive to the nature of the crime. I mean even my 58 year old mother has heard of two or three of the common phishing types. That sounds like a high number of victims to me. Maybe I'm misreading the author's intent.
      • I mean even my 58 year old mother has heard of two or three of the common phishing types.

        Since most of the modern mail clients have some reasonably successful way of flagging or ditching suspicious emails (given that most reputable ISPs filter the most egregious examples to /dev/null), she usually won't even need to think about it these days.

        It might be unfashionable to say this, but there's a lot to be said for running a localhost-based email client (e.g. thunderfart or whatever works for you) rather
    • by Kjella (173770) on Wednesday June 16, 2010 @09:00AM (#32589556) Homepage

      They probably did an email survey with subject "Have you been scammed?". 28% that answer useless unsolicited mail probably have been scammed.

      • by Chrisq (894406) on Wednesday June 16, 2010 @09:21AM (#32589696)

        They probably did an email survey with subject "Have you been scammed?". 28% that answer useless unsolicited mail probably have been scammed.

        They were probably disappointed that the second line didn't read "The Nigerian government have a compensation scheme. Our records show that you are entitled to $20,000 thousand US dollars. Email me at ministeroffinance152342@hotmail.com for details of how to make a claim."

      • Re: (Score:2, Funny)

        by Anonymous Coward

        "They probably did an email survey with subject "Have you been scammed?""

        ----
        Have you been scammed?

        Click here to find out more!

        [clicks on link]

        Congratulations! Now you have been.
        ----

      • by noidentity (188756) on Wednesday June 16, 2010 @09:41AM (#32589836)
        Yeah, I got one of those email surveys. I only had to pay $10 to find out whether I had been scammed in the last 12 months. Unfortunately, they replied back that I had, though they didn't give any details about when. I'm still trying to figure it out.
        • by Chrisq (894406) on Wednesday June 16, 2010 @09:53AM (#32589964)

          Yeah, I got one of those email surveys. I only had to pay $10 to find out whether I had been scammed in the last 12 months. Unfortunately, they replied back that I had, though they didn't give any details about when. I'm still trying to figure it out.

          But if they told you that you had and they were scamming you then it was not a scam ...... but that would mean that they told you the wrong answer, in which case it was a scam .... so the answer was right ..... my brain hurts (stack overflow).

        • Re: (Score:2, Funny)

          by Anonymous Coward

          Seeing as how you are a brit, could you clarify something for me?

          We get V1Ag4A spam in our mail, do you happen to get t00thp4st3 spam? I've always wondered about that.

          • Re: (Score:3, Funny)

            by L4t3r4lu5 (1216702)
            Indeed we do. Clinical testing has proven that when applied to the "mini-me" orally by your wives, erectile performance improves dramatically.
            • Clinical testing has proven that when applied to the "mini-me" orally by your wives,

              Whoa... polygamy is legal in the UK? I never figured you guys would be down with that.

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      For only £29.95 I'll mail you my *FREE* pamphlet "Great British E-Mail Scam of the Elizabethan Age and How to Profit By Them in This Age of Innocence". -Jonathan Swift, Managing Director, Barclays Bank PLC.

  • ...how long until the general public has caught on to the point where Spam is no longer profitable? Then again, I would assume the costs associated with it are fairly low...

    Still, how are people dumb enough (or just ignorant enough) to click on spam in 20-freakin-10?

    • Re:I wonder... (Score:4, Insightful)

      by davmoo (63521) on Wednesday June 16, 2010 @08:58AM (#32589544)

      Instead of waiting for the general public to catch on, which simply is not going to happen, a better question would be how long is it going to be before ISPs and providers update email protocols so that fake emails are simply not possible (or at least make it a lot harder than it is now)?

    • Re:I wonder... (Score:5, Insightful)

      by MoonBuggy (611105) on Wednesday June 16, 2010 @09:04AM (#32589576) Journal

      I think it's sensible to make a separation between phishing and other spam. If you click on an email advertising V14GR4, I'm quite happy to stamp 'Moron' across your forehead and be done with it. I wouldn't be nearly so hard on someone who gets a message which is identical to previous correspondence from their bank, but contains a link to l|oydstsb.com rather than lloydstsb.com, for example.

      Of course, even the best phishing email is useless against a well educated user, and I think the 25% figure sounds very high, but I can somewhat sympathise with those who fall for a well-crafted phishing scam in a way that I can't for those who end up on the wrong end of a semi-literate 419 email.

      The fact that sites like PayPal sometimes do send out real messages with all the hallmarks of a scam also serves to confuse issues. I seem to recall that this [paypal-marketing.co.uk] site is, in fact, legit.

      • Re:I wonder... (Score:5, Insightful)

        by internewt (640704) on Wednesday June 16, 2010 @09:30AM (#32589772) Journal

        The fact that sites like PayPal sometimes do send out real messages with all the hallmarks of a scam also serves to confuse issues. I seem to recall that this [paypal-marketing.co.uk] site is, in fact, legit.

        The holy grail of business is to turn costs into profits. Whilst spam, phishing, owned accounts, etc. look like costs to Paypal, they will very much be looking to change those to profits if possible.

        I don't use paypal, as it has always reeked as far as I am concerned, but as I understand it they will freeze accounts at the drop of a hat, for various reasons. If they have just 1% of accounts frozen at any one time, that will be a decent chunk of cash, and they can earn interest on it, and all the other shit capitalists can do when they have capital.

        So is it in PP's interests to freeze accounts? If so, they need excuses, and security is always a good-un. They might not purposefully confuse users, they just give the ones willing to take the wrong end of the stick, the wrong end of the stick. PP sending out emails that look like scam emails is just them offering "the wrong end of the stick".

        To geeks, it should be pretty straight forward - always, always, always, use the paypal.com domain for anything PP related. Never have other domain names. The drive for profit comes along though, and PP want to totally fill search results for escrow (or whatever) to drown out the competition. Or more importantly, those dirty commies looking to be critical of paypal, or their industry.

        • I don't use paypal, as it has always reeked as far as I am concerned, but as I understand it they will freeze accounts at the drop of a hat, for various reasons.

          The latter has always bothered me, but still Paypal does offer a very useful service. My take on it is that a wise shopkeeper doesn't leave his day's takings sitting in the till, he puts them in the hands of someone he can trust (his bank, or in a safe). He doesn't leave them sitting there for some opportunist to come and snatch away.

          I don't co
          • he puts them in the hands of someone he can trust (his bank,

            As a Brit, I assure you that a UK bank is not somewhere you can trust if you run a business. I'd rather do business with the mafia - at least they are honest about being criminals.

            • Banks are not perfect, but if they freeze your funds you at least have the option of smashing your local manager's kneecaps. With Paypal you have to work hard to even find someone to complain to, and no guarantee that he'll listen.
    • Re: (Score:3, Informative)

      People who I've witnessed who got suckered:

      Elderly people. They have this attitude that because the offer showed up on their machine, it must be legit. Older folks are a bit more trusting - generally speaking. Of course, that's a generalization. My Dad is one hell of a cynic and when he die and if there's a Heaven, St. Peter is going to get a lot of shit. "How do I know this is really Heaven? Put it in writing!"

      Uneducated people. These are also the people who buy shit from infomercials that will "cleanse th

      • Re: (Score:3, Insightful)

        by Chrisq (894406)

        Uneducated people. These are also the people who buy shit from infomercials that will "cleanse their colon" and attend hotel ball room "lectures" on how to make hundreds of thousands of dollars trading stocks - all you have to do is pay $1200 for their "special" trading program. Of course, there are some really street smart uneducated people who get one over on MBAs - so I'm speaking about my experiences, only.

        I think the "street smart" is more important than educated. I worked with a really intelligent guy, a brilliant systems programmer who signed up for timeshare he couldn't afford in a place he didn't want to go to because the agent convinced him that he could make a fortune in subletting the share.

      • Re: (Score:3, Interesting)

        by John Hasler (414242)

        > People who I've witnessed who got suckered:

        Young people. They have this attitude that they can safely put all sorts of private and embarrassing stuff up on FaceSpace because they are "streetsmart" and know how to twiddle the privacy settings so that only their "friends" can see it.

        Educated people. These are also the people who paid $40,000 for a car with an electric transmission because it was "green" and Japanese rather than a $10,000 Chevy that got better mileage. They also got sucked into the "fa

    • by jimicus (737525)

      If the general public was ever going to catch on, they'd have done so by now.

    • Re: (Score:3, Interesting)

      by vlm (69642)

      how long until the general public has caught on to the point where Spam is no longer profitable

      You're assuming the scammers and the emailers are one and the same.

      Much more likely you have the scammers fronting some money to the emailers. As long as theres one scammer out there with a hairbrained business plan, the emailers will be hired and put to work.

      Don't know if the UK situation is similar to the US situation, but in the US its almost a stereotype that some percentage of people whom take out home equity lines of credit set up a retail store, despite the complete lack of experience, selling stuff

    • Re:I wonder... (Score:4, Interesting)

      by Rogerborg (306625) on Wednesday June 16, 2010 @10:16AM (#32590170) Homepage

      how are people dumb enough (or just ignorant enough) to click on spam in 20-freakin-10?

      Not spam, phishing.

      I used to receive barely literate mail shots, with my bank's domain in the "From:" field. Tracking back the IP revealed that the sender was a 3rd party with a domain registered to a caravan (trailer) park.

      When I reported this to my bank as either a phishing attempt, or breathtakingly bad practice on their part, I got a snotty reply saying that this was a genuine mailshot via a 3rd party, and that this (by which they implicitly meant "faking headers") was standard practice. They genuinely could not understand why I had a problem with them sending out exactly the sort of faked email that they were regularly warning me about.

      Needless to say, I changed banks shorty afterwards, but the lesson is that the line between legit and fraudulent is thin and wiggly.

  • This is precisely why I've gone back to smoke signals!

    I'd try telegraphy if I could be assured that no Viagra ads would come my way or that yon' government agencies would not intercept...

    Cheers!

    --Stak

  • Sent? or Received? (Score:3, Insightful)

    by benwiggy (1262536) on Wednesday June 16, 2010 @09:06AM (#32589586)

    "420,000 scam e-mails are sent every hour in the UK"....?

    Surely it means that these emails are received? They are not all generated in the UK.

    Well, not the ones I get, which clearly use poor English or American spellings. (Note that I distinguish between the two.)

  • Obviously, there is a small industry behind scam emails: people that harvest emails, ones that come up with "scam campaigns" (fake pay-pal or citibank solicitations), developers, IT to maintain servers, etc. It's hard to imagine that 420K scam emails an hour in UK alone are sent by a few amateurs.
    • by jimicus (737525)

      Actually, I don't have a huge problem believing it's a relatively small number of people doing it. The initial emails at least are most certainly NOT sent out by means of someone clicking "New message", filling in the To:, subject: and content and hitting send.

      • Re: (Score:3, Insightful)

        by John Hasler (414242)

        > Actually, I don't have a huge problem believing it's a relatively small
        > number of people doing it.

        It's a large number of people doing it (unknowingly).

        > The initial emails at least are most certainly NOT sent out by means of
        > someone clicking "New message", filling in the To:, subject: and content and
        > hitting send.

        No. They just turn on their pcs. The bot handles all the details in the background.

  • I could be sent a phishing email. I could click the link. I could provide the phisher with 3 numbers from my pin, and 4 characters from my password. Over time, I could provide them with the whole PIN and password.

    What could they do with this information?

    Pay my bills and nothing more.

    Why?

    Because I have a card reader that provides an encrypted string after I provide it with my chipped card, PIN and a string from the website. I need to do this for every new transaction.

    I still believe that only the greedy get
    • Re: (Score:3, Interesting)

      by Chrisq (894406)

      Why? Because I have a card reader that provides an encrypted string after I provide it with my chipped card, PIN and a string from the website. I need to do this for every new transaction. I still believe that only the greedy get scammed.

      Unfortunately you might need to re-sync [nationwide.co.uk] it to gain the full security benefits.

      Seriously there is one thing that is terribly wrong with these card readers. They are a gift to muggers. They can be used to verify the pin for a credit or debit card - even ones from other issuers. They don't even have to risk marching you to a cashpoint and forcing you to withdraw money, they can do it all from the comfort of their own crack-house. I complained to the bank and they pointed out that a card would be locked out

      • by jez9999 (618189)

        Seriously there is one thing that is terribly wrong with these card readers. They are a gift to muggers

        The real problem is with fraudulent card use over time. Most debit cards have a withdrawal limit of £300/day. If you get mugged, you may lose £300. Go cancel the card immediately, and that's it. Fraudulent use over time is stopped if they have to know the PIN... if they know the PIN, you'll probably know that they know it.

    • by MoonBuggy (611105)

      Plenty of banks don't provide this tech, and those that do tend to treat it as infallible (i.e. the blame automatically rests on the customer if the account is compromised).

      Kevin Mitnick's "The Art of Deception" contains several examples of using social engineering to overcome multi-factor authentication such as this, and while they may not be worth the effort for bulk-attack phishing, they could easily have a worthwhile payoff if used against a wealthy target.

      Even simpler is the option of using the phished

  • The best spam stopping tool is still an alert, critical mind!
    • Re: (Score:3, Insightful)

      by Chrisq (894406)

      The best spam stopping tool is still an alert, critical mind!

      And that's precisely why so many people end up being scammed.

    • Re: (Score:3, Informative)

      The best spam stopping tool is still an alert, critical mind!

      I'm not sure what you mean.

    • by Rogerborg (306625)

      The best spam stopping tool is still an alert, critical mind!

      Ridiculous. The mind has the consistency of blancmange. You'd need something at least as solid as tuna chunks or a crispy donut to stop spam.

      • > You'd need something at least as solid as tuna chunks or a crispy donut to
        > stop spam.

        Or steel plate if it is still in the can and fired from a decent beer-barrel cannon.

  • I posted an advert on Craigslist, then someone replied stating that they'd give me £410 for a £230 object if I were to send it to Africa. They faked an email from paypal, saying they'd payed, hoping I'd send it away. But fortunately I'm not stupid enough to think that emails are always real. I went to Paypal by typing the domain in, and sure enough, it was blank, and it was a fake. I emailed the person back disappointed that they'd try to scam me. The person's email (for all to block) was sndrco
    • It is amusing that you would spell out the email (to avoid it being spammed) of someone who scammed you, what courtesy! (Or is it because of the slashdot filters? Either way, I lol'd :p
      • by dandart (1274360)
        I assumed the filters would get me. I didn't check. And of course, courtesy! I don't stoop to their level! Heh.
  • Being a brit myself, i guess i can see the humor behind this all, but my guess is pc users are missing some element of
    know how when it comes to being up to date with all the security issues of today. Up to date with your AV, not opening emails with attachments....scanning every file before opening, etc, etc.... seems to me too many users are security
    illiterate.

  • Anyone get one of those surveys asking about the utility of /.? They use your /. account details and email (from a comment posted, I guess), and how they're doing research for some university in China? (Hong Kong, actually, but China is accurate).

    I never answered mine - there was a little nagging feeling at the back of my mind saying "scam!!!" which is enough to avoid it.

  • One per inhabitant of the UK - every six days. I'd love to get one only every six days.

  • More than 420,000 scam emails are sent every hour in the UK according to a report by CPP which estimates that Brits were targeted by 3.7 billion phishing emails in the last 12 months alone. A quarter of us admit to falling victim to e-fraudsters, with the average victim losing over GBP285 each.

    First of all. . , who exactly is "CPP"??

    It took a bit of Google confusion to determine that it's this some bullshit corporate security racket...

    http://www.cpp.co.uk/about-cpp/ [cpp.co.uk]

    It appears that their business model is based around selling security devices and systems, featuring ID cards as one of their premier items. The interests here are just a BIT conflicted.

    Second of all. . . Sorry, but as much as I think the herd is idiotic, I simply don't believe that one in four Brits is THAT stupid.

    Lies, damned lies

  • You mean I didn't really win the UK lottery? Oh no, I was so counting on that.

  • They have a big stake in the market, and have one of the most pernicious, devious and downright aggressive marketing and sales tactics it's ever been my displeasure to be on the receiving end of. So don't just take those numbers with a ladle-full of salt, take them as plain "marketing bullshit dressed up as research and regurgitated by lazy publishers"

...when fits of creativity run strong, more than one programmer or writer has been known to abandon the desktop for the more spacious floor. - Fred Brooks, Jr.

Working...