Phish Scams Fooling 28% of Users
Etaipo writes "Anti-spam firm MailFrontier Inc has done some testing with consumers to see if they could differentiate between legitimate e-mails and phish scams. The results, to me, were pretty shocking.
The company also has provided a similar test on its web site. Get an answer wrong, and we revoke your geek license on the spot."
They're all legitimate.
Also it asks for your credit card before you see your score but only so it can verify your identity.
Right is wrong when left is right.
This is a *moronic quiz* (and no I haven't taken it - I refuse to on the grounds the premise is so retarded, but I did look it over carefully).
In this quiz, you're not allowed to examine the URLs (to see if the 'links' point to where they appear to)...*boggle*. That's exactly what you SHOULD do.
I've had a couple of emails over the last year asking me to 'check my account details' and 'login or it will be suspended'. Thinking they sounded suspicious, I checked them out: the domains in the URLs and the RIPE records, to make sure the IPs the hostnames pointed to matched up with the company in question. Both sounded very suspicious, but turned out to be completely genuine because I know how to check them (whois netsol, RIPE, ARIN (et al), host/dig are your friends - well not netsol they are cu^W^W...).
If I'd simply dismissed those two emails out of hand I would have locked myself out of accounts I find most useful. Encouraging people to base decisions on *hunches* when it's straightforward to check the facts and make an informed decision is completely irresponsible.
This test completely misses the opportunity to educate people in a really meaningful way by allowing you to actually examine the 'emails' in full, because it would be bloody obvious to tell the fraudulent ones apart from the genuine ones, just as it is in reality.
If you are directed to a URL like https://www.paypal.com/ - which you recognise as the official website for the company in question, you may as well assume it's legitimate. However, if the link actually takes you to a URL like http://www.paypal.ru/, or if they email you from an address like / solicit replies to paypal@yahoo.com - you're fairly obviously being shafted. Really it's not rocket science.
I had this when I was directed to a site called www.ups-europe.es from a guy in Spain, who I'd been in contact with via eBay. One quick 'whois' check showed clearly dubious registration details for the domain, and the whois against ripe.net against the IP the hostname pointed to showed the site was hosted on a virtual server at an el-cheapo ~10 Euro-a-month consumer hosting company (not the sort of setup a UPS site which handles financial transaction services is going to be hosted on). So I strung him along, got some details out of him, and eventually handed everything over to the police when I was done playing with the guy.
The point here should be to teach people how to check for themselves (and make it easier for them too, through better software design), not to encourage people to make decisions like this based on 'their feelings' about an email.
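The link check this comment argues for, as an added example that is not part of the original thread: it compares each link's visible text with the host its href actually points to and with the domain the mail claims to come from. The sample message, the `.example` hosts and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; the first two links reuse the URLs from the comment above.
SAMPLE_EMAIL = """
<a href="https://www.paypal.com/">https://www.paypal.com/</a>
<a href="http://www.paypal.ru/">https://www.paypal.com/</a>
<a href="https://www.paypal.com.login.example/">Log in</a>
<a href="https://www.paypal.com@login.example/">Log in</a>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Hostname that a URL or a bare 'www.site.tld/x' string names, else None."""
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    except ValueError:  # e.g. link text containing '[' or ']'
        host = ""
    return host.rstrip(".") if "." in host and " " not in host else None

def belongs_to(host, domain):
    return host == domain or host.endswith("." + domain)  # suffix match on a label boundary

def audit_links(html, expected_domain):
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        real, shown = host_of(href), host_of(text)
        checks = [("not-https", not href.lower().startswith("https://")),
                  ("foreign-host", real is None or not belongs_to(real, expected_domain)),
                  ("text-href-mismatch", shown is not None and shown != real)]
        report.append((href, [name for name, failed in checks if failed]))
    return report
```

Calling `audit_links(SAMPLE_EMAIL, "paypal.com")` returns one `(href, problems)` pair per link; an empty problem list means the link goes where it says it does, which is where the whois and host/dig checks described above take over.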