Why Phishing Works

[kelly]

http://www.theregister.co.uk/2006/06/07/why_phishing_works/

[kimmer]

This is just flat out mind boggling. I mean, wow ... I don't really know. I guess I've always given folks more credit for having brains and using them.

[kbeartx]

QUOTE(kimmer @ Jun 8 2006, 01:19 PM) <{POST_SNAPBACK}>

I've always given folks more credit for having brains and using them.

When God gave out Brains, many misheard and thought they were Pains, and so didn't ask for any...

[Xairbusdriver]

Unfortunately, brains don't come with instruction manuals and who wants to read those, anyway! "Thinking" is just a multi-syllabic word for "Work" and that is a 'four-letter-word' to too many.

[LR827]

QUOTE(kimmer @ Jun 8 2006, 01:19 PM) <{POST_SNAPBACK}>

... I guess I've always given folks more credit for having brains and using them.

But the criminals do.  

We laugh at the "dumb criminal" stories on late night TV, and the jokes that abound on the internet -- but the fact is that it takes little more than normal intelligence to be a "successful" criminal.

"Successful" in quotes, because sooner or later they will be caught and punished -- and that directly relates to the ease with which they are able to fool people into parting with their money.  It is SO easy that they quickly get overconfident, and then they get sloppy, and then they get caught.

Why is it so easy to fool otherwise-intelligent people?

1. Most people are trusting and honest by nature.  Most people will return a wallet with I.D. in it, and feel good about it.  They may cheat (or "fudge" a little) on their income tax, but that is because they feel inclined to keep what is theirs -- not because they want to take from someone else.

2. People are brought up to respect authority -- but also to FEAR it.  We respect the police, but we feel a little fearful when we see them parked on the highway, and we automatically step on the brake.  

3. Criminals are good actors.  They have to be.  They know if they exude a sense of authority -- such as an email from a bank -- the average person will respect it and also fear it ("Your account will be closed unless you...") .

4. Fear -- even a little of it -- is a very powerful motivator.  Never were truer words spoken than Roosevelt's:  "All we have to fear is fear itself."  The criminal does not have to be a genius to make that work for him.

[sandbox]

QUOTE(kbeartx @ Jun 8 2006, 08:28 PM) <{POST_SNAPBACK}>

When God gave out Brains, many misheard and thought they were Pains, and so didn't ask for any...

Does s/he have a distribution center or pass them out at the shoot?
(I'm visualizing a Walmart Greeter handing out Lunar Fondue discounts because they just bought the Moon.)

again, it goes to the argument of computer literacy and that anyone, everyone should be educated and qualified to operate on the web.

People who fall for these scams lack the knowledge to protect themselves and their data. Now what if they're holding your data? Your name address and phone number in their address book? How many people put all that info in their computer address books? How secure are you if a Charles Manson type figure breaks into your friends computer? It happened in this area, with a address book of someone online a group posing as evangelists went from house to house, calling first to see if they were home and then ....... and then....... well the details are not pretty.

There were a lot of $$$ reasons to just throw the internet out into the playground, but none of them had security in mind.

The only thing we have to fear is............. terrorists or was that global warming?

Most successful criminals don't get caught, but go on the legitimize themselves or their activity IMO. It depends on what the definition of successful is, is.  

QUOTE

"Thinking" is just a multi-syllabic word for "Work" and that is a 'four-letter-word' to too many

People are taught to be Sheeple, societies couldn't function with billions of leaders.

[kbeartx]

This study, article, and subsequent 'discussions' beg the question of 'What can be done to mitigate or eliminate this problem?"

My answer = use a computer that's designed to 'protect users from themselves', that is, one that takes security of all kinds VERY seriously [in design as well as implementation], so that these types of exploitations are very difficult or impossible to perpetrate.

Read = NOT Windblows, which was not designed originally to be networked to any other computers, and its subsequent 'improvements' have made security matters worse, not better.

[Bbob]

This discussion reminds me of one of the bits of wisdom that I picked up later in life. "People who are incompetent don't realize they are incompetent." Think about the incompetents you know and you will understand.

 

[krissel]

They prey on the Peter Principle  of life as it affects us all.

 

[kbeartx]

IMO, the problem is multifaceted:

 1 - Windblows computers are designed to be easy to use, by ppl who are not very knowledgeable about computing
 2 - Windblows computers are frighteningly easy to attack and exploit, a fact that has been 'public' knowledge [in certain circles] for many years, and by now all the evil ppl in the world know this
 3 - ppl who are not very knowledgeable about computing [and even some who are] are very easy to trick into doing something stupid, thus giving control of their computers to evil hackers

I think the likelihood of changing #s 1 & 3 is infinitesimally small, therefore we should endeavor to change #2, either by getting MS to make a more secure product, or get ppl to use a more secure OS instead.

 - KB