Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Spam Security IT

Millions Continue To Click On Spam 210

An anonymous reader writes "Even though over 80% of email users are aware of the existence of bots, tens of millions respond to spam in ways that could leave them vulnerable to a malware infection, according to a Messaging Anti-Abuse Working Group (MAAWG) survey. In the survey, half of users said they had opened spam, clicked on a link in spam, opened a spam attachment, replied or forwarded it — activities that leave consumers susceptible to fraud, phishing, identity theft, and infection. While most consumers said they were aware of the existence of bots, only one-third believed they were vulnerable to an infection."
This discussion has been archived. No new comments can be posted.

Millions Continue To Click On Spam

Comments Filter:
  • Click here! (Score:5, Funny)

    by somersault ( 912633 ) on Thursday March 25, 2010 @08:59AM (#31609984) Homepage Journal

    FIRST POST!! [hotsexyviagrapanaloons4u]

  • Old News (Score:3, Insightful)

    by MrLogic17 ( 233498 ) on Thursday March 25, 2010 @09:00AM (#31609992) Journal

    Humans will always be the weak link in security.

    • And the big red fart button will be the wedge that slips through that chink.

    • Re: (Score:3, Funny)

      by vajorie ( 1307049 )

      Humans will always be the weak link in society.

    • by grumbel ( 592662 )

      While it is true that humans are often the weak link in the end, there really is absolutely no good reason why clicking on the link should have negative consequences for the user. The whole mess we are in is simply because none of the OSs we use today where build with the security needs of today in mind. Even things like Linux completely fail, as they where build around the concept of protecting users from each other, but not around protecting the user from malicious applications, so once an application run

      • There are a few steps here and there to improve the situation, but we are still far away from having an truly secure OS.

        We're not far away at all. The truly secure OS is already here. There's only one problem. People won't even consider it. It's called Trusted Solaris or SE Linux. So secure that it barely allows authorized users to use it. Evaluated and approved by the NSA. It's SECURE. It's also incredibly touchy and will NOT talk to your MP3 player, now matter how much you beg. Your digital camer

  • Call the It Dept! (Score:4, Insightful)

    by mewt ( 1057562 ) on Thursday March 25, 2010 @09:00AM (#31609994) Homepage
    And then they call the IT Dept. claiming that they did nothing..It's just started acting weird..all by itself.. I was just reading this cute mail I got about penises and viagra!
    • Fucking tell me about it.

      "I didn't do anything. I mean I was just online..er, using Limewire to get..music, and suddenly!"

      • Not likely when IT will be making a short call to HR that will get you sent packing.

        And in this particular case deservedly so.

        Apart from wasting company time, filesharing can expose the company to legal liability...perhaps even more so that privately since the RIAA will probably drool more at the corporate treasury than Joe Sixpack's own wallet.

        • by Ltap ( 1572175 )
          Good job, tying your own issue into this. Also, People who know how to use filesharing software are probably more intelligent than the usual dumb user who would click on spam.
          • by Z34107 ( 925136 )

            No. No, they're not.

            I work for tech support on campus, primarily cleaning student laptops. I have yet to see one that didn't have limewire on it.

            Maybe you can argue that they're still smarter, but evidently not by enough to have a meaningful chance of avoiding infections.

    • by sarlos ( 903082 )
      Hehe... my favorite moment while working in my college's Help Desk center for IT support for faculty, staff, and students... There was this virus embedded in an email with a subject along the lines of, "See what the 7 Dwarfs got Snow White for her 18th Birthday." I personally cleaned the virus off three professors' desktops, and we had at least a dozen cases overall. Mysteriously, the professors were always out of their office when we came to clean up their PCs...
    • For your enjoyment [thewebsiteisdown.com]
    • 'Drive by downloads' and 'automatic execution' are as old as Windows itself.
  • Users. (Score:5, Interesting)

    by skgrey ( 1412883 ) on Thursday March 25, 2010 @09:03AM (#31610036)
    Users are ignorant to computers. Users have always been ignorant. We can do whatever we can to protect them, either through education, security, antivirus, and anti-malware, but the problem is they aren't geeky tech-people that keep us and like this stuff enough to learn it.

    How about we just have a TV show or a movie they want to watch, but teaches them? We could make it a romantic comedy for the ladies or a war movie for the guys, but insert in proper computer use and warnings about spam, viruses, phishing, fraud, etc. We need some kind of mass media to actually teach the masses, and it needs to be a regular interval to keep up with the problems.
    • by Pojut ( 1027544 )

      And to think, users were once considered gods and creators. [wikipedia.org]

    • Re:Users. (Score:5, Insightful)

      by Spad ( 470073 ) <slashdot@ s p a d . co.uk> on Thursday March 25, 2010 @09:19AM (#31610240) Homepage

      The computer industry is largely to blame for user's attitudes; they've spent years convincing everyone that computers would make their lives easier and do everything for them without requiring any specialist knowledge and we all know that's bollocks.

      We simply wouldn't accept it if the same proportion of people who outright refuse to even try and understand the basics of the IT tasks they perform every day did the same thing with cars or washing machines or lawn mowers. The roads would be carnage - tens of thousands of drivers refusing to learn how to use the stearing wheel or brakes because they "Just want it to take me to the shops, I dont' care how it works".

      I really don't think there's any short-term solution to the problem.

      • by Pojut ( 1027544 )

        I really don't think there's any short-term solution to the problem.

        I agree, but I think the long-term solution will happen on its own. As more and more people who grew up with the internet get older, less and less computer illiterate people will be out there...eventually, there won't be anyone left who lived in a pre-internet world.

        It would be interesting to see what age demographic is currently most likely to click on spam links...

        • by Spad ( 470073 )

          Don't make the mistake of conflating young people who are comfortable using computers with people who are genuinely computer literate.

          My brother is comfortable using a computer; he's on the facebook and twitter & youtube and whathaveyou, but he certainly isn't what I would call computer literate. Anything outside of his "routine" uses will usually result in a phonecall to me asking how to do it. He does at least tend to retain that information for a little longer than, say my mum does, but that doesn't

          • by Pojut ( 1027544 )

            Sorry...I meant "computer literate" to mean "not stupid enough to click on obvious spam or phishing links"...just used the wrong phrase is all.

            • People aren't getting smarter as time goes on. We've had roughly the same spread of IQ for hundreds to thousands of years now. (Some claims of thousands to a million, but I'm not sure I totally believe the methods there.)

              I taught high school for 5 years. I saw lots and lots of kids who grew up with computers do amazingly stupid shit. $400 phone bills for signing up for ringtones and wallpapers and not realizing that they were signing up for $10/month continuous billing rip-offs. Lots of malware from limewi
        • by Ltap ( 1572175 )
          Not really. Young, dumb users are almost as bad as old, dumb users - the only difference is that they do more online and present a higher risk.
      • by Belial6 ( 794905 )
        Bingo! I can't count the number of times I have heard someone claim that they didn't understand, and it was ok because they are not "computer" people, when the thing they did was not really "computer" related. Things like, not turning a computer on, and wondering why it isn't working. That isn't a "computer" problem. That is an "Electricity" problem.
    • Re:Users. (Score:5, Funny)

      by Hoi Polloi ( 522990 ) on Thursday March 25, 2010 @10:03AM (#31610852) Journal

      How about we just have a TV show or a movie they want to watch, but teaches them?

      Great idea. Here is a sample from the new soap opera, "One Operating System to Run"

      "Madeline, we can't keep seeing each other like this."
      "It's your wife, isn't it?"
      "No, she doesn't care. She hasn't since the accident. It is...I can't say it..."
      "Tell me Steven! Tell me!"
      "Fine, it is your hard drive, it is a mess."
      "What? How can you say that?"
      "Admit it Madeline! Not only is it heavily fragmented but it is full of bloated logs, unneeded installation downloads, duplicate mp3's, old temp files, core dumps, I could go on."
      "Oh Steven, it's true! It's true! Please help me! I love you! I want to change!"
      "Ok, just go to www.diskcleaner.com and download..."

  • by IWaSBoRG ( 992305 ) on Thursday March 25, 2010 @09:03AM (#31610040)
    Millions of computer users are idiots.
    • Re: (Score:3, Insightful)

      by Em Emalb ( 452530 )

      I am incredulous that "80%" of people are aware of botnets. I call B.S. on that figure. Most people think "the internet" is a utopia where nothing can go wrong.

      • Seriously? Do you not have TV news in your country? The BBC and mainstream newspapers in the UK have run lots of stories about botnets.
    • by mcgrew ( 92797 ) * on Thursday March 25, 2010 @09:25AM (#31610316) Homepage Journal

      Millions of computer users are idiots.

      Ignorant != stupid. The difference is, there's a cure for ignorance, none for stupidity. But everyone is ignorant. I know about as much about running a bar and construction company as Mike knows about running a computer. I have as little interest in learning about construction as he does about running a computer -- little to none. I just want a house to live in, he just wants his computer to work.

      • But where's the mean-spirited fun in dumping all over ordinary people in that?
      • by Nemyst ( 1383049 ) on Thursday March 25, 2010 @09:52AM (#31610644) Homepage
        Yet you know that if your roof leaks you can either look at the tiles and try to patch it yourself, or you call a professional to do it for you. You know that if your house is dirty, you must clean it. You know that if you get bugs, you must call an exterminator to get rid of them.

        You know that if you buy a house, you must be ready to maintain it if you don't want it to fall apart. The same SHOULD be said of computer owners, yet this is not the case.
        • That's because personal computers are low-cost consumer goods. You can buy a decent one for a couple hundred bucks and it quickly devalues. When it breaks, it might be more cost-effective to just buy a new one than to get it fixed. Now compare that to your house. It takes years to pay off, and its value remains relatively constant. When it breaks, you get it fixed! You can't afford a new house!
          • by Nemyst ( 1383049 )
            Everything is proportional. Repairing a house costs in the thousands for something worth hundreds of thousands. Repairing a computer costs tens for something worth hundreds (and that's if you're not clever enough to use the ton of free software out there that does the job all well and fine). Saying that you should buy a new computer when it breaks just because it isn't as expensive as a house is entirely the kind of stupid things big corporations want you to do.

            If you hadn't noticed, most of my analogies
        • Sweet jeebus, man, is it too much to ask for a car analogy?!
        • by RMH101 ( 636144 )
          No, it's a consumer electronics device. I know if my TV goes on the fritz I should call a TV repairman, but I don't expect through normal use for someone to use my TV to steal my online banking passwords and clean me out.
          You can't protect a user against everything, but the default should offer more protection. If you have a device aimed at consumers where a significant proportion of those users have problems, it's not a well-designed device.
    • Most people in the world are ignorant fools, most people in the world behave like idiots at one time or another, unfortunately it is what it is, intelligence is not prerequisite to survival apparently. Also it is probably true that a very large percentage of the population will also do pretty much anything for a buck, combining these facts together and you get a pretty sad place to live in.

    • Also in unrelated news, millions now are st0ng-er in bed! They l0St w3ight now! And they are getting huge discounts on pfizer and v1@gra!

  • Smart software (Score:3, Interesting)

    by Elledan ( 582730 ) on Thursday March 25, 2010 @09:04AM (#31610050) Homepage
    I propose we link spam filters into some kind of device which shocks the user if a link is clicked or attachment opened in a spam message. Maybe it'll make them finally learn not to open those things, much like how one teaches stubborn dogs not to pee against the couch.
  • by Anonymous Coward on Thursday March 25, 2010 @09:11AM (#31610128)

    Congratulations!!!

    Your name has been picked. You have just won millions of dollars worth of software. You are also granted the permission to give this software to all of your friends and family.

      Click on this link to claim your prize...

    CLICK HERE TO GET FREE SOFTWARE! [ubuntu.com]

    • by Ihmhi ( 1206036 )

      Congratulations!!!

      Your name has been picked. You have just won millions of dollars worth of software. You are also granted the permission to give this software to all of your friends and family.

        Click on this link to claim your prize...

      CLICK HERE TO GET FREE SOFTWARE! [thepiratebay.org]

      FTFY

  • These users (Score:4, Insightful)

    by pinkushun ( 1467193 ) on Thursday March 25, 2010 @09:13AM (#31610164) Journal

    They're probably the users who believe that computers run off magic. For any above-absolute-beginner, common sense should kick in naturally.

    This goes to show the level of incompetence, and talking from experience too:

    Me: "Okay you're logged into the system?"
    Cust: "Uh-yes"
    Me: Click on the Reports menu item"
    Cust: (silence) I don't see it.
    Me: "Any errors pop up recently?" ...(proceed a barrage of troubleshooting)...
    Me: "What DO you see?"
    Cust: "Just a white page with an image, that says 'Google'"

    • The other day I was walking my mother through launching Windows Live Messenger, so we could video-chat and she could see the kids.

      Here was the conversation:

      Me: "Click on the icon on your start bar that looks like a little man."
      Her: "I don't see it."
      Me: "It's on your start bar."
      Her: "Ok, I see All Programs..."
      Me: "No. Not under Start, it's on your START BAR."
      Her: "I don't know what that is".
      Me: "Where is your clock."
      Her: "Uh....I don't know..."
      Me: "It's either at the top right or bottom right of your s

      • Re:Absolutely. (Score:5, Insightful)

        by GvG ( 776789 ) <ge@van.geldorp.nl> on Thursday March 25, 2010 @09:42AM (#31610504)
        In defense of your mother, I would have had no idea what to do if you told me to look at the start bar. Task bar, notification area, system tray, I'd have understood any of those, but "start bar" is completely new to me.
      • It's one thing to have an ignorant user, but someone who is informed enough to know that the word "Start" means the next step to running a program is usually "All Programs" isn't completely ignorant. When you just completely make up terms like "Start Bar", that are named similarly to things that they already know, they'll just assume that is what you are referring to.

        "Taskbar Notification Area" and "System Tray" are both perfectly acceptable, and non-ambiguous, terms to refer to the icon area that sits to

        • Microsoft was smart and picked very unambiguous names for everything on the desktop, and this terminology started in 1995.

          And that's why you have to click "Start" when you want your computer to stop ...

      • I've been using computers for 30-odd years and I don't have a clue what a "start bar" is.

        By deduction I think you might be referring to Windows' "system tray" but I wouldn't expect anybody's mother to understand that term either - not even if I told them in ALL CAPS.

      • Re: (Score:3, Informative)

        by dominious ( 1077089 )
        yea. you fail with people's skills. I would just say "right bottom corner" directly and we would all be happy.
  • I click on spam occasionally when it has be obfuscated enough for me to believe that it might be a real message. I have even found a few real messages that looked like spam.

    However, I run Linux so I don't worry about viruses, trojans, pedophiles and other malware.

    • by Pojut ( 1027544 )

      I click on spam occasionally when it has be obfuscated enough for me to believe that it might be a real message. I have even found a few real messages that looked like spam.

      This is one of the reasons I LOVE the default email client on my HTC Ozone...if there are links included in an email, it will show the display text and then in it will show where the link actually goes. The number of "OMG YOUR CREDIT CARD HAS BEEN HAX0R3D" emails I get that go somewhere like "freecoupondeals.com" is insane.

    • Re: (Score:2, Insightful)

      by LordAzuzu ( 1701760 )
      Running Linux doesn't make you safe at all, man.
      Instead of clicking on links in message that "might be" real, have a look at the message source. Safer.
    • Newsflash: pedophiles are now classified as malware and will be quarantined. Gentleman, prepare your definitions!

    • I run Linux, and I do worry about viruses, trojans, and other malware.

      I'm sorry, I mean no offense to you personally, but this dangerous myth has got to stop. Linux is more secure than Windows, but that does not mean that it is absolutely secure.

      There are, really and truly, examples of Linux malware in the wild. Processes do not need Root to run, they only need Root to corrupt your system. Your userland privileges are still enough to install a malware executable in your \home directory. Vulnerabilities

      • by mspohr ( 589790 )
        I know that Linux is theoretically vulnerable to malware but I haven't heard of any real malware in the wild. Do you know of someplace that describes actual malware in the wild that will infect my Linux system?

        I just did a quick Google search and it didn't come up with any real Linux malware... just articles about either potential (not real) threats and articles stating that there are no threats.

        • Really? I found reference to some in the first link. http://en.wikipedia.org/wiki/Linux_malware [wikipedia.org]

          • by mspohr ( 589790 )
            I actually read the wikipedia article and all it does is talk about potential threats, not any real threats.

            "The viruses listed below pose a potential, although minimal, threat to Linux systems."... I can't get excited about this...

            • Excited? No.

              Cautious enough to stop cavalierly saying "Linux is completely immune to malware, so I can click on anything I want without risk?" I certainly hope so.

              Plus, if you follow a few of the links (under the "Threats" section) they talk about actual malware that has actually infected actual systems. Not theoretical. Not potential. Real malware that has attacked and compromised real systems.

              "Linux is absolutely secure" is a dangerous myth that does not serve the Linux community well. It discourage

  • by SomethingOrOther ( 521702 ) on Thursday March 25, 2010 @09:25AM (#31610310) Homepage

    From TF pdf, under methodology

    "Survey participants are all members of Ipsos' opt-in consumer panels in each of the six markets and were invited to participate via email".

    So, people who respond to spam also respond to bullshit surveys via email.
    Who'd a thunk it ?
  • Whitehat spammers? (Score:5, Insightful)

    by DNS-and-BIND ( 461968 ) on Thursday March 25, 2010 @09:26AM (#31610322) Homepage
    How about some crusaders who mount spam campaigns that, when clicked, scare the holy living hell out of the recipient? Display your geo-location info and a big flashing progress meter that says, "withdrawing funds from your bank account...55%...100%...done" and then a dialog box pops up and says, "Why'd you click on a spam link, sucker? I'll be enjoying your money while I vacation in the Cayman Islands!" Of course no money would be stolen but it would at least give a few idiots the scare of their lives and get them to stop clicking on spam.
    • The primary thing stopping this would be the "Law of Unintended Consequences" AKA if I find my wife's great grandmother slumped dead over her keyboard and what is displaying on the screen is your message I'm so going to find you! by which I mean, enough survivors would call the FBI/police/AG that the law would hunt you down for making "terroristic threats". In other words, don't be stupid.
    • How about some crusaders who mount spam campaigns that, when clicked, scare the holy living hell out of the recipient?

      Because if you hit the wrong idiot with a weak heart and a litigious or determined-and-violent violent family who happen to be in, or have contacts in, your jurisdiction you have something on your hands that you'd rather not deal with. Some may even track you down just over the "sucker" thing: the uneducated don't tend to respond to an insult with a cunningly worded witty repost.

      And then you need to consider the "pro" spammers who, seeing your vigilante action as something that might impact their margins in

    • by Kozz ( 7764 )

      How about some crusaders who mount spam campaigns that, when clicked, scare the holy living hell out of the recipient? ... Of course no money would be stolen but it would at least give a few idiots the scare of their lives and get them to stop clicking on spam.

      Well, "the boy who cried wolf" comes to mind. I think some users who experience this hypothetical situation might think "ah, not harmful spam. Just some jerk with another false alarm."

  • It’s called “natural selection”. It’s a good thing. It gives the more intelligent an advantage that they deserve, while making it harder for the not so wise to live.
    If we’d remove it, we’d only allow more idiots to live. And you know where that would lead to.
    To the exact same thing that it lead, that you now don’t even have to get up all day long, or face any challenge at all in your padded XXXXXXL suit, and demand that lifestyle as a “right”, while bein

    • If any, if we want us to advance, we should make it harder.

      .... until you in all your superiority get knocked down, cry foul, and claim that it was unfair.

  • Modern civilization allows idiots to reproduce.

  • Forward IT! (Score:2, Insightful)

    "continue to....forward it"!!!?!?!?!?!

    FORWARD IT?!!

    * apocalyptic seizure *

  • by Culture20 ( 968837 ) on Thursday March 25, 2010 @10:25AM (#31611240)
    Why not force users to copy/paste a URL if they really want to see the webpage their "friend" sent them?
    • Why not ban HTML in e-mails, then all URLs shown won't be masked.

      • That isn't actually a bad idea, save for the legit emails that do use it.

        Here's my idea:
        Take a html-to-jpg converter that will render the email as it is intended to be rendered. This converter should be sandboxed in a way as to not infect itself. Then on any suspected spam message, or any message at all, have the mail client load it as a JPG. This will kill the links, and prevent any kind of JavaScript hacks. Then in order to actually interact with the mail (copy text, etc) have the user "unlock" it at whic

  • by OpenSourced ( 323149 ) on Thursday March 25, 2010 @01:19PM (#31614658) Journal

    Have you ever looked at a "normal" user interact with a computer? In my experience is more or less like this:

    What's that? A mail about some interesting photos I must check out by clicking here... Uhm, I don't know the guy sending it... and I have really no time for photos, but I have to check it to be able to drop it from my mind.

    What's that? The Internet opened up. Ah! the photos must be there, but there is some stupid error message that stops me moving Yes! Yes! I said YES! Stupid machine!

    What's that? Didn't work. No photos. Again the same message, or it's another one. Impossible to know since I never read the first one, they are all equal, anyway.

    What's that? Again the same message. I'll have to read the message to see why I'm not moving forward. Stupid messages! What's an "X active" anyway, do they think I have time for all that. Oh! It seems that to go forward I have really to click "No" on the second message. Must be to avoid stupid users clicking blindly on "OK" all the time. Ain't I smart? I can now move. What? Installing what? Always waiting. Well, it seems to work now. Oh! Those are porn photos! Close, close, close. If the boss sees me I'm dead. Damn SPUM mail!

    Ok, next point in my to-do list, banking. What's that? Yes , I want to ALLOW that program to access the site "allOfYourMoney.AreBelong.to.us". Stupid firewall. Won't let me alone to do my work. ...

    People, probably due to a nomadic origin or something, think in computers in terms of "going" places, "reaching" things and "routes" they know (To open the Excel you go here, press here). Messages from the computer are interpreted as obstacles that one must overcome to reach the goal. Some other paradigm has to be found for security in computers. I have some ideas, but too tired to write more. If some rich company making OS's is interested, I do expensive consulting.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...