3.2 Billion Dollars Lost to Phishing in 2007

mrneutron2003 brings us FastSilicon's summary of a Gartner survey which found that 3.2 billion dollars were lost in 2007 to phishing scams. "Gartner's latest survey into the realm of phishing attacks paints a rather bleak picture for 2007, with a record estimated loss of $3.2 Billion (that's Billion, with a B) U.S. Dollars. Overall loss per incident fell (to $886 from $1,244 lost on average in 2006) but the numbers of individuals who fell victim rose quite sharply from 2.3 Million in 2006 to a staggering 3.6 Million. Though online portals Paypal and eBay remained the most spoofed brands, it appears phishers are getting more creative utilizing fake electronic greetings cards, foreign businesses, and charitable organizations in their attacks on consumers. Furthermore these criminals are increasingly targeting debit card and banking credentials rather than credit cards, because the fraud protection mechanisms there are far weaker, according to a study done at The University of California at Berkeley."

  • But my bank protects my money, right?

    For years, I couldn't get a credit card because my credit was terrible, so I had no choice but to sign up for internet porn using my debit card (what else was I supposed to do? go without?)

    So, I figure that my debit card # is sitting in a few forgotten databases around the internet. I'm not worried though, because ultimately, my BANK is liable, not me.
    • There's less protection for debit cards than credit cards. I think that with debit cards they may make you jump through more hoops before restoring your lost funds. So I'd change your pin.
      • Re: (Score:3, Informative)

        by CastrTroy ( 595695 )
        That all depends on your bank. I got my debit card duplicated and somebody took $500 out of my account. The bank called me up before I even noticed the money was missing. They asked if I made the charge. I said I didn't, and the money was back in my account within 5 days. I had to go down to my local branch and pick up a new debit card, but there was very little trouble on my part. Just as a reference, my bank is TD Canada Trust [tdcanadatrust.com].
    • by dada21 ( 163177 ) <adam.dada@gmail.com> on Wednesday December 19, 2007 @11:05AM (#21752136) Homepage Journal
      Get yourself a disposable credit "debit" card from any discount store (Wal*Greens, etc). GreenDot is very popular with the black market types. You can even use it on gambling sites, supposedly.

      The best part of the disposable cards is that you can cap the spending without fees. If you're buying something for $500, put $500 on it, and don't refill it. A few times a year they have deals where the cards are free as is the first deposit, so pick up a few grand worth of them at various levels and you're set.

      From what I know of the people who use them a lot (google Rosemont, Illinois), they're also a great way to exchange money without anyone tracking it. Just what I've heard, though.
    • Sure, send me your Debit card and let's see how liable you are.

      The "Best" part about a Debit card is you can only spend what you have. Keep $100 in the account and refresh it daily. But if that $100 gets out, it's gone.
      • by Vexor ( 947598 )
        Actually through Wells Fargo if you have direct deposit you can get an advance at any atm. So they can take more than what you have.
    • by brunes69 ( 86786 ) <slashdot@nOSpam.keirstead.org> on Wednesday December 19, 2007 @11:29AM (#21752444)
      Anyone dumb enough to pay for something that is abundantly free deserves whatever they get.

      On another note I have an abundant supply of di-hydrogen monoxide I am looking to sell. It is extremely useful for many applications. Regularly priced at up to $4.00 / litre, I am willing to part with it for only $0.50 / litre. Msg me for details!
    • A debit card is more dangerous because it isn't clear cut. Credit cards, the liability limits are very clear. More or less, because it isn't actually your money involved (you are being loaned the money by the bank) you are liable for anything. With a debit card you can be. It is more discretionary to the bank. With a credit card, you stop a transaction and that's it, it's done. The merchant basically has to take you to court if they want to get their money, which they won't do if they are a fraudster of cou
      • by brunes69 ( 86786 )
        In Canada legislation legally caps the amount you can be legally held liable for an unauthorized credit card OR debit card purchase to $50.

        Both Visa and Mastercard offer $0 liability. Some banks do as well. But the real crux is there is no defined time in the law to say when you get your refund. If someone takes $1000 from your bank account, you could be out that money for days or weeks while the investigation is proceeding. This could cause you to default on mortgage payments or car payments and be a real P
        • The thing is, it is still an issue of possession. In the case of a credit card, nothing has been taken from you. You are simply disputing that you owe the bank any money. Thus for them to get any money, they'd have to haul you to court. However in the case of a debit card the money has already been taken from you and you are saying you need it back. Thus if they refuse you have to haul them to court to get it back.

          Because of the nature of the transactions, you are much safer with a credit card.
    • If the debit card has a Visa or MasterCard logo, you should be protected past $50 (I think). Getting your money back is going to be a major pain, but you are protected.

      That said, you should find a better option than your primary checking account for online purchases.

      It has been a while since I worked in banking, but the nice people at the major credit card companies have a lot of sway over the practices of the people using their networks.
  • We can just phish the phishers and get a lot of money back!
  • Really, all this has been covered on Ultra-Slashdot in much greater detail.

    Oh, and those of you who don't have Ultra-Slashdot, just send me your e-mail address, your Slashdot password, and your credit card number (just for verification), and I'll be sure to enable it for you...

    • by russ1337 ( 938915 ) on Wednesday December 19, 2007 @11:28AM (#21752440)

      Really, all this has been covered on Ultra-Slashdot in much greater detail.

      Oh, and those of you who don't have Ultra-Slashdot, just send me your e-mail address, your Slashdot password, and your credit card number (just for verification), and I'll be sure to enable it for you..

      Email Address: Raymond.A.Carnine@dodgit.com,

      Slashdot password is: "imFishingYouberleethaxors"

      Visa: 4916 7995 1982 5659
      Expires: 5/2008

      oh, and you may need this: SSN: 381-80-6521


      Thanks!!!!

      Raymond A. Carnine [fakenamegenerator.com]
      4882 Prudence Street
      Farmington Hills, MI 48335
      • Ok, creepy.
        I clicked on your link, and hey, that's nifty. First load, however, it gave me the exact birthday as my actual one. I wonder what their year range is. The odds of this are what, 20 or so by 365? damn!
        I wonder if they have a super unusual feb 29....
      • Thanks Raymond A Carnie, but that is only good for the phishers you don't fall for.

        I found that a popular porn filter is very good at weeding out fake business sites such as the fake pay pal and ebay fakes. This adds a strong layer of protection. They may send me a direct link to their fantastic deal on ebay, but when I get the scrubit page instead of ebay, then there is no way to give them real info by accident. Filtered internet is good for more than keeping the kids from surfing porn all day.

        I have tr
      • Just for grins I looked to see if any unlucky bloke would start getting demand letters in the mail. Google maps returned;
        "Your search for 4882 Prudence Street, near Farmington Hills, MI 48335 did not match any locations.

        Suggestions:

        * Make sure all words are spelled correctly.
        * Try different keywords.
        * Try more general keywords."

        This BS detector might be useful for sellers who get a ship to which isn't the same as the bil
        • Good idea to circumvent people using fake addresses in webforms. I guess they'd also have the problem of dealing with people that live in new streets/apartments that Google hasn't yet entered.

          And yeah, the information that fakename generates makes no attempt to be valid - it's just for testing databases etc, (and for me to use when 'mandatory fields' are presented on ridiculous webforms (I'm looking at you Solaris)). From the fakename generator FAQ:

          Street address: The house number is a randomly generated

    • Re: (Score:2, Funny)

      by Billosaur ( 927319 ) *

      Be sure to post a journal with the usernames/numbers of anybody who actually does this, so we can stone them.

  • by lecithin ( 745575 ) on Wednesday December 19, 2007 @11:02AM (#21752082)
    $3,200,000,000 isn't chump change. This is an organized effort.

    Are these people that good? Is it that hard to follow the trail?

    Do the companies care that their consumers are being duped?

    No. Really. Have you ever hit up paypal or ebay regarding a fraudulent transaction? Nothing usually ever comes of it. Why think that they will change now?
    • Re: (Score:3, Insightful)

      by tha_mink ( 518151 )

      No. Really. Have you ever hit up paypal or ebay regarding a fraudulent transaction? Nothing usually ever comes of it. Why think that they will change now?

      No, it's just that people are THAT stupid. If you're stupid enough to follow these phishing deals, then you get what you deserve. It's akin to walking down to and asking people where you can buy a nice and handing them your wallet. If you don't know HOW to distinguish genuine emails from a phishing attack, then you should put your credit card away, step away from the computer, get in your car, and go shopping at the mall like the olden days. To an extent, the banks and businesses can do a bette

      • No, it's just that people are THAT stupid. If you're stupid enough to follow these phishing deals, then you get what you deserve.

        Amen to that. You know, I get phishing e-mails every day at my main account, and tons more to my hotmail and yahoo accounts (where their filters catch most of them, but it's fun sometimes just to look them over before they get shit-canned). I would say that at LEAST 2/3 of them are so obviously fake (misspellings, fractured syntax, totally unprofessional looking, etc.) that yo

      • No, it's just that people are THAT stupid. If you're stupid enough to follow these phishing deals, then you get what you deserve.

        I think one of two things has happened here, either you mis-understand what a phishing e-mail actually is or your anti-spam mechanisms catch most of the phishing e-mails that come your way. These are not the "v14gr3" type mailings - these are often exact replicas of bank, eBay, PayPal, etc. websites and/or mailings so meticulously crafted that at times they've made me take pause to examine the headers. URLs are obfuscated in ever more clever ways and at first glance I wouldn't think anything of it and I w

      • No, it's just that people are THAT stupid. If you're stupid enough to follow these phishing deals, then you get what you deserve. It's akin to walking down to and asking people where you can buy a nice and handing them your wallet. If you don't know HOW to distinguish genuine emails from a phishing attack, then you should put your credit card away, step away from the computer, get in your car, and go shopping at the mall like the olden days. To an extent, the banks and businesses can do a better job, b

      • Wrong. People are just that ignorant of how IT technology works and can't comprehend the concept of phishing. I've seen some fantastically mimicked phishing attempts and God forbid you get one simultaneously with a legitimate transaction. I've had that happen with Paypal and I seriously doubt 99% of people wouldn't have just followed the links to reattempt a transaction. I place much of the blame on the browsers and mail clients that aren't sophisticated enough to notice that BankOfAmerica.com is pointi
    • Re: (Score:3, Interesting)

      by dsginter ( 104154 )
      Do the companies care that their consumers are being duped

      I know that the tinfoil hat is a popular slashdotter stereotype but...

      The credit card companies do *not* want fraud to go away - they need a small amount to justify their cut of every transaction on the planet.

      A decade ago, I used to be able to swipe my ATM card (which was nothing more, at that time) at the grocery store or gas pump and - voila - the cost was deducted from my checking account. Then, all of a sudden, my bank decided that they wanted
      • I don't think they actually 'want' fraud, I think that that eliminating it altogether just costs more at the moment than they are losing. Visa won't lose their profitable monopoly by eliminating fraud.

        The UK for example has switched almost exclusively to "chip and pin" http://www.chipandpin.co.uk/ [chipandpin.co.uk] Visa cards. Some smaller stores and fast food outlets don't even accept old-fashioned signature-only credit cards any more.

        Most banks in the US/Canada charge fees for a fixed number of transactions, your bank just
      • The thing was - the ATM transactions didn't cost either party more than the marginal cost of having the system in place. With the Visa (or Mastercard, etc) direct-check, my bank and Visa get to cut each other in on the deal. It is all a big racket.

        Oh come on, that's nothing. The banks have us renting our money from them, at 5% (or whatever) every year. 95% of money is credit. Think about that for a second. The banks are earning 5% per year on 95% of all the money which exists.

        The credit card companies simply saw that we were dumb enough to rent said money from the banks and wondered if we would be so dumb that we'd pay them a fee on every single transaction, and basically they were right, we are. We go out every day and work our arses off for 8 hour

    • Comment removed based on user account deletion
    • Why can't they just follow the money?

      I know with the technological spoofery it can be difficult to find the origin of the phishing.
      With dodgy registrars and others it can be difficult to find the owner of a domain.

      But the money has to actually go *somewhere*. So why can't it be followed up at the point somebody moves it somewhere?
      • But the money has to actually go *somewhere*

        That was my initial response actually. Money is one of those things that's very hard to "lose" in the sense that it doesn't really vanish - it just ends up in someone else's pocket at the end of the day. The interesting thing would be to see how much economic activity is generated by the stolen funds - because I guarantee that these guys aren't just taking the money and having it sit in a non-interest bearing account in some kind of bizarre effort to combat inf

      • Why can't they just follow the money?

        I think part of that may stem from how the costs are incurred. The collective amount lost to fraud is quite large, on the order of billions of dollars, but the amount lost for each individual case is probably fairly small, probably on the order of a few thousand dollars or so on average. Now, given that it takes a certain fixed amount of legwork to track each fraud to its source and punish those responsible, most fraud cases are not large enough to justify those fixe
    • US population: 301 million
      People scammed: 3.6 million
      Suckers/confused: 1.2%

      and that's if we limit the pool to the US. It's not really surprising that they get this many people. Expect it to only go up as the online pool gets bigger.
    • Yea, I had the experience of dealing with scams as a seller using eBay/PayPal services. It was a freaking nightmare! Seller protection policies are just lip service, I followed them exactly and still lost out. I thought it was just a one time occurrence then it happened again. So I just stopped selling products using online auctions and my life became less stressful :) Do eBay/PayPal care? In my case no!
    • $3,200,000,000 isn't chump change. This is an organized effort.
      Bullshit. This is like cops telling you that the pound of Mexican Dirt Weed they busted some poor sap for last week is worth $20,000. It's like Adobe telling you they lose millions on Photoshop every year when you know damn well that none of those pirates would have bought it retail anyway. Bullshit.
    • No. Really. Have you ever hit up paypal or ebay regarding a fraudulent transaction? Nothing usually ever comes of it. Why think that they will change now?

      Once. I ordered a set of Quantum Leap DVDs that turned out to be pirated, complained to both eBay and PayPal, and got my money back. The vendor disappeared off of eBay immediately, although I suppose they were back under a different name the next day.

      The thing about these DVDs is that the price was about right for a legitimate copy, and the vendor

  • Furthermore these criminals are increasingly targeting debit card and banking credentials rather than credit cards, because the fraud protection mechanisms there are far weaker, according to a study done at The University of California at Berkeley

    But don't the criminals still get the money, regardless of which type of account from which they steal it? Why do they care either way about better consumer fraud protection (which I read as "responsibility for unknown charges")? Or is it that credit cards have

    • by tlhIngan ( 30335 ) <slashdot&worf,net> on Wednesday December 19, 2007 @11:28AM (#21752436)

      Furthermore these criminals are increasingly targeting debit card and banking credentials rather than credit cards, because the fraud protection mechanisms there are far weaker, according to a study done at The University of California at Berkeley

      But don't the criminals still get the money, regardless of which type of account from which they steal it? Why do they care either way about better consumer fraud protection (which I read as "responsibility for unknown charges")? Or is it that credit cards have better preventative measures? I RTFA, but couldn't find where Berkeley talks about why credit cards have better fraud protection.

      Also, as an anecdote, my bank/debit card company did very well to prevent an instance of fraud with my account. I'd like to know what credit card companies do so much better, other than the fact that they're not able to hold you personally liable in cases of fraud and thievery for amounts over $50 (?).

      The reason credit cards are better is because the protections they have are enshrined in law. Debit card fraud protection isn't - it's only between you and your bank. That's where the $50 protection comes in - if your credit card is stolen, you're only responsible for the first $50 used while it was stolen (even if you didn't realize until later). Now, some banks actually make it "no liability" and eat the $50 as well, but like debit cards, that's between you and your bank.

      Now, imagine your debit card is stolen (or more commonly, duplicated with information stored from illicit debit machines). As far as your bank is concerned, you've been withdrawing the money as normal.

      Finally, consider the illicit charge that happens. With a credit card, the money is the bank's (or Visa/Mastercard/Amex/etc) money. They will lean on the merchant to offer proof that you made the transaction (hence the little credit card slip you sign), since that's a contract. If not, they take the money from the merchant and reimburse you.

      Now try a debit card. The bank can't tell that it wasn't you that made the transaction. In fact, it could be you trying to scam free money off the bank. All the bank has is a record that your card was used to withdraw cash from your account (your money) that you claim you never withdrew.

      This should be a call for better debit card security, but until then, proving you didn't take your money is a lot harder than having the merchant prove you did make the purchase. Since it's not the bank's money, they can investigate as long as they like, while you're out of the money for the duration. Now some banks may offer cardholder services that make it similar to credit card in protection, but they don't have to. (A more practical aspect - if your credit card was used illicitly, you're not out the money immediately, so you can sustain yourself. If your debit card was used illicitly, you're out the cash until your bank refunds it. This can mean not having money for food and shelter...)

      Just FYI - the signature on the back of your credit card is used to indicate that you agree to the cardholder's agreement. It is not, and should not, be used as a signature reference. That slip you sign is a contract saying you will pay the amount shown as per the cardholder's agreement (which your signature on the card verifies). Thus, "Check ID" is not a valid signature on the card, and the store is right in refusing your card since you technically did not agree to the terms of your cardholder agreement (which naturally includes stuff like paying back the money you borrowed!). The cashier, unless they are trained in handwriting analysis, can't really compare signatures (and shouldn't). They can do a quick verification to make sure that you're not playing games, but that's about it.

      Stores that tend to attract a lot of fraudulent activity may request ID, though.

      It's also why e-commerce is slightly more vulnerable to credit card

      • Last year I had someone steal my debit card number and rack up a variety of online purchases, oddly enough a lot of the merchandise ended up being shipped to my billing address. My bank was absolutely worthless as far as getting my money back. Initially, I even had to cajole and threaten to get my old debit card disabled. The only way I was able to recover my stolen money was by calling each of the vendors listed on my statement and explaining the situation. Fortunately they were all very reasonable. T
      • Thanks for the info. That is helpful.

        But do you see what I mean about the criminal side of it? Why would a criminal care if I get my money back, thus why would they prefer to steal from a bank account? Do you know if there's anything that makes it harder to steal from a CC account vs. a bank account? The article and summary made it sound like thieves prefer bank accounts vs. credit cards for some reason.

  • Phishing for spam. (Score:5, Interesting)

    by Ochu ( 877326 ) on Wednesday December 19, 2007 @11:05AM (#21752146) Homepage
    I've been saying for a while, phishing is a far bigger problem than spamming. The attach rate is a lot higher, because people think they are responding to a genuine email from Bank of America, the rewards are orders of magnitude higher, because you can take all their money, while the costs are just a bit higher. Sure, it's slightly illegal, but to be honest, that clearly has no effect.
    • Sure, it's slightly illegal

      Slightly illegal? Is there a sliding scale of culpability when it comes to stealing what belongs to someone else these days? Obviously I mean OTHER than corporate scams like Enron.
  • $3.2 billion. I have to worry about $3.2 billion gross lost due to phishing, and put up with what will amount to billions more in wasted time and energy when Citibank decides to cancel my card while I'm in Europe even though I called them 5 times to let them know exactly where I will be and when. "oh, we thought you gave your number away online."

    Let's look at $3.2 billion "lost."

    300 million adults in the US x Z = 3,200 million.

    Z = $10.66

    So we're all fretting over $10.66 each that we lost in a year. Big d
    • Sure, from the average citizen's perspective, $10.66 isn't money worth much thought. But, from the average Phisher's perspective, $3.2 billion is a hefty sum. How many Phishers do you think share the $3.2 billion? Maybe I need to consider a career change...
    • Re: (Score:3, Insightful)

      That is if you trust this figure.... ... Gartner is not the most reliable source, and how did they come up with this estimate, when the victims mostly will not tell people they were scammed, and the banks will not release their losses ...

      • by dada21 ( 163177 )
        That is if you trust this figure.... ... Gartner is not the most reliable source, and how did they come up with this estimate, when the victims mostly will not tell people they were scammed, and the banks will not release their losses ...

        Still doesn't affect me. The minute I heard about phishing, I sent an email to all my friends and family explaining it in detail. This goes back years ago. So far, not a single person I know, not a single customer I work with (out of thousands of users) and not a single
    • so you're okay with donating $10 to thieves every year? I'd rather give cops an extra $1000/yr than thieves an extra $10.
    • It's so easy to say that the people that fall for these things are morons, that they are responsible, that $10 isn't much money on average. Now imagine that your grandparent falls for one of these scams and loses $10,000 of their retirement money. Or your spouse falls for one and ends up destroying your credit for the next 10 years. Yes, people need to pay attention and yes the average person should spot a phishing email. But blaming the losses on the victims is like saying that the girl that got raped d
  • by damn_registrars ( 1103043 ) <damn.registrars@gmail.com> on Wednesday December 19, 2007 @11:16AM (#21752284) Homepage Journal
    I feel this is largely parallel to the stories and discussions we've had on the economic basis of spam, and the comments I've made on the economics that drive others to cover for the criminals.

    Many of the phishing emails I have seen tend to use domains that are creatively re-arranged to look like the real thing - something like paypal.com.evilphishingdomain.com to substitute in for the real paypal.com. And of course, the evilphishingdomain.com was willingly sold to a crook by a registrar who themselves are of less-than-stellar reputation.

    Just as I've said before regarding spamming domains, if there were better controls on the domain registration process, a lot of this could be reined in. Sure, some phishing emails do go by IP addresses instead of domain names, but for the large portion of them that use names instead, we can shut down their game quicker by making registrars actually give a hoot about their customers' damage.

    The Malware Economy Evolves (slashdot article) [slashdot.org]
    Comments on Malware Economy [slashdot.org]
    The Economic Basis of Spam (slashdot article) [slashdot.org]
    Comments on Economic Basis of Spam [slashdot.org]
    My journal article on the registrars' role in keeping spam alive [slashdot.org]
    • by Burz ( 138833 )
      We don't need a repressive bureaucracy on the domain naming process.

      What we need is to teach people what domains ARE in the first place; that they are crucial (down to the last character) for reaching one's proper destination; that checking links by hovering over them first and looking at the tooltip/status bar is important for safety; that establishing the HTTPS lock is no good unless one looks at the domain at the same time.
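
Added example (not part of the original thread): the two comments above turn on the fact that `paypal.com.evilphishingdomain.com` belongs to whoever registered `evilphishingdomain.com`, and that some links use a bare IP address instead. The sketch below finds the registrable domain of a link and flags a brand name that appears in the hostname without the brand owning that domain. The suffix set and the brand table are small constructed stand-ins (assumptions), not the full Public Suffix List or any real allowlist.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a tiny hand-picked set standing in for the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk", "org.uk"}

# Assumption: constructed table of brand name -> domains the brand really uses.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "ebay": {"ebay.com", "ebay.co.uk"},
}


def hostname_of(url):
    """Return the lowercased hostname of a URL ('' if there is none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def registrable_domain(host):
    """Return the public suffix plus one label to its left, or None.

    Scanning from the left finds the longest matching suffix first, so
    'www.ebay.co.uk' matches 'co.uk' before it could match 'uk'.
    """
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the host is itself a public suffix
            return ".".join(labels[i - 1:])
    # Suffix not in our small set: fall back to the last two labels.
    return ".".join(labels[-2:]) if len(labels) >= 2 else None


def classify(url):
    """Return (verdict, domain) for a link.

    Verdicts:
      'brand-owned'     registrable domain is one the brand really uses
      'brand-lookalike' a brand name is in the hostname, but the
                        registrable domain belongs to someone else
      'ip-literal'      the link uses an IP address instead of a name
      'unrelated'       no known brand name involved
      'invalid'         no usable hostname
    """
    host = hostname_of(url)
    if not host:
        return ("invalid", None)
    try:
        ipaddress.ip_address(host)
        return ("ip-literal", host)
    except ValueError:
        pass  # not an IP address, treat it as a DNS name

    reg = registrable_domain(host)
    if reg is None:
        return ("invalid", None)
    if any(reg in domains for domains in BRAND_DOMAINS.values()):
        return ("brand-owned", reg)
    # The brand string in any label counts: what matters is only that the
    # registrable domain is not the brand's own.
    for brand in BRAND_DOMAINS:
        if any(brand in label for label in host.split(".")):
            return ("brand-lookalike", reg)
    return ("unrelated", reg)


# Constructed sample links; the first hostname is the one quoted in the thread.
SAMPLES = [
    "http://paypal.com.evilphishingdomain.com/login",
    "https://www.paypal.com/signin",
    "https://signin.ebay.co.uk/",
    "http://192.0.2.10/paypal/",
    "https://slashdot.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, domain = classify(link)
        print(f"{verdict:16} {domain or '-':28} {link}")
```
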
  • Legal Phishing (Score:5, Interesting)

    by jomama717 ( 779243 ) * <jomama717@gmail.com> on Wednesday December 19, 2007 @11:24AM (#21752394) Journal
    I can't wrap my mind around it, but it seems that there is some relationship to this phenomenon and that of $7.8 Billion in unused gift cards [sltrib.com] (just this year!!)

    The end result is the same, some group (in this case retail store executives) is getting billions of dollars in exchange for exactly nothing.
    • You need to take a class in accounting. When someone buys a gift card from a company, the company has to carry that amount as a liability on their books because they owe that amount for goods or services to the card holder. Granted they are keeping your money interest free but it isn't treated as free money to them
      • I'll pass on the accounting class, apparently they turn people into assholes.

        Granted they are keeping your money interest free
        Isn't that enough?
      • On the other hand, some companies like to expire the gift cards after a while, in which case they do become free money for them.
  • This gives new meaning to the cliché "there's a sucker born every minute".

    Dan East
  • I got that number from the institute-of-pulling-numbers-out-of-my-butt.

    Seriously, when they say a number like $1244, where are they getting that?
  • It's a simple premise that the customer is at fault. Why would it be the company's job to ensure I didn't walk around passing out my CC#? It's not. That's why it's 3.2 billion $'s GONE.
  • riiiighhhhtt [google.co.uk]......
  • You mean made!! I'm rich, woo hoo!
  • To draw from a parallel, there are plenty of rules and restrictions for using HAM radio. Many have been relaxed...many important ones. But the fact is, you still need a license for much of it.

    It would, of course, be harmful and limiting to commercial interests for such usage restrictions to be put into place and could even serve as a tool to restrict communications freedom... so maybe in that respect, this is a really really bad idea. But I'm thinking that a license to use the public internet should been
  • *NEVER* give out personal financial information in a transaction that you did not yourself originate. As in NEVER. People have been taken in by con-artists as long as there have been humans roaming the earth, and the solution to this behavior has been around just as long. Don't be a fool, and you won't be fooled.

    Anyone can pretend to be your bank or the tax authorities, so don't fill in any forms or pay any money without cast-iron proof. Make them personally visit your shack in the mountains. Don't be s

  • 3.2 billion-with-a-b dollars? Whoo, that really, really stinks. I wonder where Gartner pulled that number out of?
  • by Anonymous Coward
    I recently opened a Suntrust checking account, and soon got a welcome E-mail with the expected "SunTrust will never send unsolicited emails asking clients to provide, update, or verify personal or account information, such as passwords, Social Security Numbers, PINs, credit or Check Card numbers, or other confidential information"

    Later that same day, I get another E-mail from "Suntrust Credentials Delivery", asking me to go to https://www.suntrust.com/completeenrollment [suntrust.com] and enter th
  • 3.2 billion dollars were lost? No. The 3.2 billion dollars aren't really lost. They know where the money is, still. It's just when you go there, there's this new guy holding it.

    It's just like when you lose a job, or a girl, right Mr. Goldthwait?
  • Gartner's wording shows a definite bias against those using alternative income techniques. Here's another way to read their summary:

    "Gartner's latest survey into the realm of phishing shows increased income for 2007, with record revenue of $3.2 Billion (that's Billion, with a B) U.S. Dollars. Overall income per incident fell (to $886 from $1,244 made on average in 2006) but the numbers of individuals who subscribed rose quite sharply from 2.3 Million in 2006 to an impressive 3.6 Million. Though online por
  • Assuming that the 3.2 million incidents are from unique users, around one percent of the U.S population isn't able to avoid being victimized by a phishing scam.

    The news here isn't "OMG scamming is teh huge!" but that the numbers are so low. My everyday experience would lead me to believe that the number would be significantly higher than 1%. I mean, I run across people every day where I wind up wondering "How does someone that stupid remember to breathe?"
  • If you have money, and are stupid, you are likely to get phished. While getting phished is unlikely to collectively benefit stupidkind, they DO now collectively have much less money. This should either make them a less attractive target, or at least mitigate the level of damage the phishers can do. I suppose you could say the internet is being "phished out". Pretty soon "a fool and his money are soon parted" will have been applied enough that few of the stupid people have anything left to be phished? L
  • From the article:

    Gartner sees no easy way out of this dilemma unless e-mail providers have incentives to invest in solutions to keep phishing e-mails from reaching consumers in the first place, and unless advertising networks and other "infection point" providers (which theoretically can be any legitimate Web site or service) have incentives to keep malware from being planted on their Web sites to reach unsuspecting consumers.

    In practice, only a small minority of "legitimate Web sites or services" are

  • Not just because of Gartner's reputation, but losses are always grossly exaggerated and often based on intangibles like potential profit. Not to mention that this whole survey thing is a guesstimate.

    Your typical fear-mongering.
  • All that money wasn't lost. It just got moved around!
  • ... to whoever posted the "The Last Boy Scout" reference in the tags. ("That's nine zeroes, son!") I love the twangy way that guy delivered that line. Makes me want to watch it tonight. :-)
  • Stop being stupid.

    Thanks.
