Cybercrime More Lucrative Than Drugs
prostoalex writes "Yahoo is reporting that global cybercrime overtook global drug trafficking in terms of revenue this past year. In related news, only 4% of Internet users can flag 100% of phishing e-mails as fraudulent, and Americans filed 207,000 reports on cybercrime to FBI."
Yeah sure, they'd better party like it is twenty-zero-five, sooner or later they'll run out of idiots like dotcoms ran out of VCs.
Cybercrime requires constant training, otherwise your hacking skills can be out of date in just a few months. On the contrary, a crowbar-trained criminal can still make a living in today's high-tech security world.
I foresee in 5-10 years' time, traditional crimes will go mainstream again as many cyber-criminals will be out of jobs^H^H^H^Hcrimes by then.
Rock that crushes, Paper & Scissors that don't matter.
Geeks! Now better than junkies.
If brevity is the soul of wit, then how does one explain Twitter?
When I started, the USENET application would inform me that my message would be spread across tens of thousands of computers at immeasurable cost as a subtle hint to keep things interesting, and Internet Chat required some basic knowledge of Makefiles and attention to documentation before you could run a client. Frankly, things became unmanageable at the point the Internet was made accessible to anybody with a web browser; anybody who's been around this long knows what I'm talking about.
It's a short hop to realizing that the problems we're experiencing with virii and worms are the same problem. Intimate knowledge of x86 assembly used to be a requirement -- along with a malcontent-type disposition -- in order to wreak the sort of havoc that today requires fifteen minutes and an Effective VBScript In Fifteen Minutes manual. Every document is now a program, and e-mail doubles as FTP.
Many experts believe we should raise the barrier of entry by requiring programmers to undergo education, certification, and maybe even an oath to do no harm as part of the certification process if going into a security field. It used to take years to do what kids today can do in months; additionally, a would-be programmer who spends a few months picking up Visual Basic or whatever has hardly learned the fundamentals of programming any more than someone who reads a manual about his DVD player has become a laser engineer. I suggest that the field and the general user experience would be greatly enhanced by limiting access to compilers/assemblers (by means of pricing and with the cooperation of the open source community) and by separating macros or other executable content from documents.
It makes more sense than trying to go out and educate every user. Think about it; in what other field do we "educate" "users"? We don't try to educate people with electrical outlets and let any curious individual perform as a licensed electrician. We don't "educate" passengers and let anyone who cares to be a bus driver give it a try. Why are things always so difficult when it comes to computers?
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Yet, I bet both of them combined aren't as lucrative when it comes to funding terrorism as hitting your local gas station for a fill-up.
Cybercrime pisses off U.S. black market businesses because it outsources a huge income potential to other countries.
All kidding aside, I don't personally believe in cybercrime. Some cybercrime victims are merely stupid users, and no law can fix them. Other cybercrimes that do disturb one's property should be covered by laws already in place.
My fear is that defending the cybercrime idea will only help make more wealthy lawyers and give politicians more abusive power.
Drugs and prostitution should not be cyber crime. Neither should crimes relating to information freedom... so all that leaves are the phishers?
The Custom Mary
So when I make an MP3 to put on my PDA to listen to at work, is that considered a cyber crime? And technically, what makes a drug a drug? What about prescription, cigarettes, alcohol? Those are all mind altering and bad for you. I also bet it's all the druggies out there that are committing cybercrimes so they can get more money for drugs.
Click Click Bloody Click PANCAKES!
Great! I'm already worried about identity theft. This will just feed my paranoia.
Think Deeply.
guess it's time to switch jobs ;-)
Given a choice between free speech and free beer, most people will take the beer.
... I knew my mom wasn't lying when she told me I'm special!
I once read that 10% of all trade worldwide is underground, dollar for dollar (or peso for peso or whatever). That's trillions of dollars.
I wonder if aggregate underground economy percentages have increased, or if more traditional underground trade has just moved online.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
I've yet to understand the supposed principle that the Powers That Be or the Media could possibly figure out any kind of accurate figures on illegal activities.
Dunno 'bout the rest of you guys here, but I never told the police or the press how much profit I made back when I was a small time dealer (can't touch me, young offenders act! :p)
If I didn't, you can be damn sure that big-time or organized criminals do not share these figures either.
Neither do the users. (How many crack-heads report the amount they spend on their habit?)
So what the hell is the premise on which these "statistics" have ever been based?
I can think of a few ways to fudge up some statistics about people screwed outta their money on the net, but I can't see a way to truly gauge that either. Again, if I fell for the "send me a grand and I'll send you a million" I sure as hell wouldn't tell anyone I was that stupid.
Hence, I dub the entire original article as BS, just like the 'War on Drugs' and even the 'War on Spam'
/end rant :p
A couple fans told me that my last journal entry was mint; give it a shot. Hope you like.
hah you wait till there is kung grade ice on the black market, then you'll see the dawn of a new cyber crime the likes of which you've never seen before
Promote Charity on Myspace, Show Your Colours!
...I'll have to order my dope online now?
So far, the only accomplishment of the War on Drugs has been to increase drug crime by creating an artificial scarcity and high demand for product on the street.
This is equally true for cybercrime. If hacking were legalized, the seedy underworld associated with illegal hacking would wither away and vanish.
According to the book Freakonomics, drug dealers make less than the minimum wage, on average. It would not be hard to beat that level of productivity in any undertaking, criminal or not.
As for the phishing problem, I really don't understand why people fall for those. Your bank, or eBay, or Paypal, will never, ever, ever, ever, ever send you an email asking you to disclose any account information. If those people want to contact you for an important reason, they will either call or send you actual mail. This seems like a simple rule to remember, doesn't it?
...come with the verified certificate of the Nigerian Verification Association. Accept no other phishing emails.
"No country is immune from cybercrime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy, said Valerie McNiven, who advises the U.S. Treasury on cybercrime."
So "child porn" and "piracy" makes more money than the drug trade? I don't think so...
I took the e-mail test and I "failed" it, identifying two "legitimate" e-mails as bogus. In both of those cases, the explanation said it would be better not to follow the links in those two e-mails.
It's somewhat unsurprising that a variety of con artistry should overtake a variety of contraband trafficking and sale in profits without too much trouble, when it comes down to it. After all, a good deal of cybercrime doesn't actually provide a service or a product, in order to acquire its profits, while markets in contraband goods, being markets after all, need to contend against competitive pricing and provide a product subject to some degree of genuine scarcity (varying greatly, depending on the product).
I mean 105 billion US dollars from cybercrime?
If we take away spam and a lot of phishing attempts, what does it leave? 100 billion maybe?
Where does the rest come from?
Are these numbers calculated by the idea that any crime that has something to do with computer and network is a cybercrime? So if I happen to be a Colombian drug lord using Excel, I guess my heinous activities are cybercrime too?
If so small wonder cybercrime is taking over drug related crime.....
Nobody knows the trouble I've seen, nobody knows has the trouble seen me, even I sometimes wonder why I write these line
AFAIK, unless you're higher up the chain, like heading a wholesale distributor or "importer" or similar, drugs are supposedly not all that profitable. I read (but don't have the link to) an analysis that showed a street dealer or small-scale distributor didn't actually make any more money per hour worked than usual low-level white-collar jobs. And there is no risk premium for the very real chance of getting killed, or maimed, or for going to prison for a number of years (which really puts a dent in your earnings).
Trust the Computer. The Computer is your friend.
These numbers are almost certainly very sketchy. They list piracy and stock manipulation as part of the total funds brought in by cybercrime. If they just mean people selling pirated software that's one thing, but if they mean people downloading MP3's, then that's different; nobody makes a dime when someone downloads the newest pop hit off the internet, as much as the record companies would like you to think someone just pocketed $15 of their money.
With the stock manipulation, this is also a pretty nebulous number. Did they include only verified cases of people doing this? What did they consider manipulation? The article is very thin.
Narrative
cybercrime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy
That's a pretty open-ended definition. So is old-school white collar insider trading or shenanigans now Cyber-Crime just because they do it from a workstation? It'd be interesting to see just what is a cyber-crime now and how it breaks down into that total 150 billion dollars they just throw out there. Of course such data might pop the balloon of FUD as delicious as this.
What is music when you despise all sound?
if you mark all of them as fraud, you 'fail' the test.
I consider all email from commercial entities as fraudulent.
You mean there's a difference between those two?! I thought kiddies do drugs! It's an onomatopoeia!
Because what gives a lot of phishing attempts away - certainly the better ones - is information in the mail header or URLs linked in the text. But we're not shown any of that, so unless they have loads of grammatical errors etc, it's impossible to tell if they are genuine or not.
I don't understand your comment. Child porn and piracy were listed as just two examples of "cybercrime" as per their definition, not the only two.
I looked at that test, and it was annoying. I doubt I could have got 100% on it, yet, I have never been nailed by phishing spam.
What was annoying? I was supposed to judge the validity of the emails from a jpeg - not from looking at the actual links on the email. I mean, if I get an email from my bank, and the URL that they send me is NOT the same as my bank's - then I know it is phishing spam. I do this because I can tell by the domain/subdomain in the links - not by how the mail "looks".
Having said that, I have barely seen mails from my OWN bank, but many phishing spams from others.
Looking at the URL (and understanding how domains and subdomains work) certainly helps with phishing spam - not just knowing that "your passw3rd hazz expireddc" is probably not valid.
Try to hack my 31337 firewall!
Well, there we go. Empirical, definitive proof. People are stupid.
In related news, only 4% of Internet users can flag 100% of phishing e-mails as fraudulent
Had a look at the test and this is not surprising. Basically, they just take a screenshot of the mail reader window, ripping out any info (headers, html source) that could be of any help. Not to mention that as long as you assume anything you get from your bank/ebay/paypal/... is *potentially* a phishing e-mail, you don't have to actually be able to tell the difference. Education should not be about recognizing phishing emails because phishers will always be ahead. However, if you *never* click on a link and always use bookmarks (to bank and all) you have, then there's nothing a phisher can do. Of course, education should also be for institutions like my bank which includes its website URL in emails they send me (they're encouraging their customers to learn bad habits).
Opus: the Swiss army knife of audio codec
I took this test a while ago and didn't get 100%, even though I'm one of the most internet-savvy people I know. Despite that, I don't know anyone who's been taken in by a phishing scam. Hmmm...
Perhaps I'm a luddite, but I was one very early on. I've always had the policy of never putting my credit card number online. In the old days (Early 90s), it was because most "retailers" didn't even bother encrypting the numbers in their database. Hell, there was no way of even knowing that the store even existed in the first place, the earliest form of phishing. Nowadays, I assume EVERY email I get that asks for any information is from a criminal.
With the advent of temporary credit card numbers, I feel comfortable purchasing online, but only from proven stores.
People want to assume the best of others. Most people want to believe that most other people are honest. When it comes to an anonymous medium like the internet, the reverse needs to be assumed as a starting place. The worst part of it is, it's getting to the point that you don't even have a choice if your information is online. Whether your info is sold, your bank allows "online banking", a physical store you shopped has online "convenience", or anything else, you lose the choice. Your entire credit history can be ruined even if you never go near a computer, all because of the convenience of the internet. It's reckless, dangerous and eventually modern society will pay for such activities.
Burn Hollywood Burn
They have been involved in Cybercrime for years. Each time they force-feed a copy of Windows down people's throats. Made them rich.
I'm not a troll, but I play one on Slashdot.
only 4% of Internet users can flag 100% of phishing e-mails as fraudulent
No. Half the examples in that test require users to identify suspect emails as Legitimate. Sure enough, few people (especially the ones who practice 'safe browsing' by default -- i.e. tell no one nothing ever) will score 100% by trusting all those suspect examples.
Users can be taught to default to "NO". They are learning.
That said, user credulousness would be a problem even if 99% of users had identified all the fraud examples as fraud. That 1% would still be a lot of victims.
"We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
The only way to deal with phishing is to *never* give whatever secure information in response to email you didn't initiate. Unless you're Jon Postel (and I believe he's now dead) you simply can't distinguish between legit emails and top quality phishing, no matter how loudly the idiot snobs here insist otherwise.
What I'm listening to now on Pandora...
I don't know about America, but in Singapore the only real difference between CyberCrime and Drugs is that hackers and criminals are rewarded with $10,000 prizes while drug mules are hung.
The emails shown in the test could be real or fake depending on the links, which you can't check from a screenshot.
Only 4% yeah, but does it take into account the main language of the people receiving these emails?
For example I am a native French speaker (from Canada). Every email I receive which is in English (99% of my junk mail) seems suspect to me. It's fairly easy to recognize spam, when you don't recognize the language it is in. Since I receive a lot of English-written spam, and considering that a fairly large part of the internet users are not native-English speakers, I suppose that the 4% figure applied to Americans would be drastically different in another part of the world.
It's ONE thing to say that piracy causes the RIAA/MPAA to have "lost revenues". That's at least an arguable point.
It's ANOTHER to say that piracy has more INCOME than the drug trade.
Now, pirated items "sold" over the internet like actual goods, yeah, that's revenue. But I highly doubt that number has overtaken the drug revenue number. But you KNOW they're including all the free traders on the p2p services in those numbers just so they can scare people into tighter legislation.
That test is a waste. The 'emails' are image files, so you can't see where the actual links point to, you can't see the email header or the true from address. Anyone who nails 100% is more lucky than savvy.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
This includes piracy. The movie, record, and software industries routinely claim extremely, ridiculously high losses from piracy to cover up the fact that they make crap that no one wants.
In other words, this article is almost certainly BS, which you could have just assumed when you saw Reuters.
The Phish Piss Test.
Just have all new employees and randomly picked existing employees pee in a cup and test it for phishing metaboloids.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
> I suggest that the field and the general user experience would be greatly enhanced by
> limiting access to compilers/assemblers (by means of pricing and with the cooperation of
> the open source community) and by separating macros or other executable content from
> documents.
[eg. the premise: artificially raise the cost of compilers and nastybad people will stop writing viruses, etc. just like gangsters in New York improvised zip guns when guns cost too much... oh, wait, that's a bad analogy... bad people just make do.]
You should also consider separating "clueless" from "malicious" in your thought process. HTH.
> Think about it; in what other field do we "educate" "users"?
Other than prenatal care, disaster response, home safety, poison control, vehicular operation, wildfire control, diabetes management, power tools, gun storage, and how to program your VCR? Can't think of any offhand...
> We don't try to educate people
> with electrical outlets and let any curious individual perform as a licensed electrician.
But we'll sell wire cutters and conduit to any moron at Home Depot, along with a Hole Hawg and a 3 foot masonry bit. Surprisingly, a license is not required to burn down your house as a DIY repairman, nor is it required to pack a thousand pounds of fertilizer, some gasoline, and some nails into the back of a van, detonate it, and cause much worse harm.
Cars are deadly weapons, as are guns; both require a license to operate, but in neither case does that eliminate fatalities caused thereby. (In fact, on the evening news last night, I noticed that a Class C licensed bus driver rolled over an embankment, killing 2 people and one fetus, injuring the other 39 people on the bus. More than likely, a smaller percentage of licensed commercial drivers do this than, say, unregulated Pakistani mountain bus jockeys, but I have no useful measure of the protective effect conferred by this certifying process.)
Bad people will still be bad people, and "the cooperation of the opensource community" is not something I think you can depend on for this venture. (cf. PGP and SSL export restrictions)
Stack protection, virtualization, perhaps legal penalties for willfully distributing software known to pose a risk to the users without their awareness or education (cf. the Theramed); maybe an overhaul of the communications system, and use of (NON-unicode) certificates required for financial communications. I don't know for certain, but I do believe that your rant about compilers holds little relevance to phishing at this point in time.
Full disclosure: I learned to program on an HP-80 and a Timex-Sinclair ZX-81. I was using Usenet before AOL 'broke' it. And I still think you're chasing the wrong idea.
Remember that what's inside of you doesn't matter because nobody can see it.
So only 4% are using text only mail readers like pine? And the rest are looking at the Paypal graphic in the HTML email and deciding the email is genuine?
Poor bastards.
More meat and less bun in a mailreader makes fakes trivial to spot.
When it's 3AM and I want a watch, a television, and some new shoes...
No matter what I do on the internet, it doesn't really help me get there for at least a day or two.
All I am saying is, don't be foolish and close down your Meth labs cuz of this.
It occurs to me that only the illegal drug and software industries call their customers "users".
Does this mean my drugs are going to get more expensive?
It's hard enough to explain phishing and spyware to him - it's like he almost thinks that I'm making it up just to ruin his fun or something.
I suggest you read Slashdot
Hmm, that test is flawed. It doesn't let you check the header info of the email. I check the headers of every email that deals with any account, and check all the links, and I type the address of the site in myself. If there is something so important, then I can check it in my account page.
"Computer Hacking Skills and/or Skill with a Bo-Staff", Either one will get you chicks... Face it, Drugs are out, Geeks are in...
Get your Windows Malicious Software Removal Tool Here for FREE! - http://fedora.redhat.com
Yeah yeah, we all were suspicious of #3 and #9. But read the quote again: "only 4% of Internet users can flag 100% of phishing e-mails as fraudulent". The only way you fail to be part of the elite 4% is if you misidentify a phishing attempt as a legitimate one, which you did not do. You, like myself and everybody else commenting here, correctly identified all the phishing attempts as such, which is the statistic they're quoting. The fact that we're so paranoid we sometimes distrust legitimate mails as well doesn't figure into that number.
I don't believe this for a second. The amount of drug money that is laundered through the US every year is way more than $100,000,000,000. I've heard figures as high as $600,000,000,000, and those figures are a couple of years old.
Attack its weak point for massive damage!
"The content of this e-mail introduces privacy policies, so it's good, right? But the e-mail is not personalized and some of the links go to bankofamerica1.com, which might be bad" Legit or Fraud?
"But, the e-mail provides links to login to your account-which could be abused by fishers." Legit or Fraud?
"These links seem legitimate as the URL displayed in the status bar at the bottom of the email appears to go to the legitimate Network Solution domain, but always remember that this display can be faked." Legit or Fraud?
What I'm getting at here, is the idea that telling people that they should weed out the good and bads is silly, because even the goods show characteristics of the bads. Just plain don't click on the links. Don't think of emails to be your little gateway to the www, but rather as just a way to get and send messages. Read the message about your bank account, then open up your browser and get to the account yourself or call up the bank.
CowsAnonymous: We're here to help moo.
Never heard of this Kung stuff ;->
I seem to remember that it's an ICEbreaker not ICE...
[All Your Fish Are Belong To Us]
Back in the old days, we had to shovel coal into our computers. That was way back when Usenet traffic was passed via UUCP and by the sacrificing of virgins (never hard to find in CS departments way back when). Why, I remember alerts going "Keep signatures to 28 characters or someone will come and remove your testicles with a 7/16ths nut driver and some mouldy toast".
The world's burning. Moped Jesus spotted on I50. Details at 11.
The only purpose of this post was to get your slashdot ID.
You'll be hearing from us pretty soon
"It is the mark of an educated mind to be able to entertain a thought without accepting it."
Does anyone really think the major banks and CC companies are eating over 100 BILLION dollars a year to scammers?
The test is flawed to begin with, then of course companies might be inclined to "loose" the results from people that actually get the answers "correct".
Also, given the fact that both cybercrime and drug trafficking are illegal, how do they know how much of each occurs? Seems to me that if they had the resources to get an accurate count, there wouldn't be any more cybercrime or drug trafficking.
I wonder what kind of new laws are going to be passed based on this questionable study. Perhaps because we aren't smart enough to verify the email ourselves, the government has to do it for us?
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
Too bad you can't smoke cybercrime
"It is the mark of an educated mind to be able to entertain a thought without accepting it."
The test was also not entirely fair since it only showed images of the emails. For this kind of thing, I always hit view source, and read the headers and the markup before making a decision - and then usually go to the site by typing in the address and logging in manually, rather than clicking on a link.
I am TheRaven on Soylent News
This is bad news for mind-expansion and brain-hacking drugs as more criminals will turn their investments to the more profitable and less risky cybercrime industry.
I believe in the next twenty years, computers will be the size of houses, and only the very wealthy will be able to afford them.
This is your brain on the Internet.
Just say NO to the Internet!
One's a crime of greed, while the other is a crime of demand (although plenty of people get into the drug business solely for the income potential).
If there wasn't a demand for drugs, there would be no drug trade. Conversely, the only reason to steal from others is always greed. Some might steal for fun *cough* winona ryder *cough*, but theft (in person, 3rd person, or via cybercrime) is almost always due to greed. Big difference there... One's there as a result of people's wants, and demands. The other is largely parasitic, and exists solely to leech off people.
Personally, I'd rather see my government invest more of our tax dollars into protecting our identities, and investments, as opposed to busting generally harmless dope smokers, and their suppliers (In case you didn't know, marijuana smokers are the most commonly targeted drug demographic these days, and the majority of our tax dollars, go towards fighting marijuana, while proven "bad drugs", such as meth, ruin lives, and run rampant throughout the country).
The reason for all this is greed. The big companies almost write their own laws these days, and meanwhile more and more of our freedoms are lost, as our lawmakers focus on giving their funders (not constituents!) what they want. And surprisingly, things like Cybercrime continue to grow, and be largely ignored (Note, I'm talking real crimes, such as identity theft, phishing, and so on. Not downloading music and videos, which IMHO should be near the bottom of our list of priorities).
Personally, I'd like to see a major change in how we handle crimes in this country: Elevate identity theft, and other life-altering crimes to the level they deserve, focus our energies and money on bettering our country, and removing our dependence on other countries for our very existence, and stop focusing on the average downloader as being the worst thing to hit the US since Pearl Harbor. Meanwhile, start fighting the real drug problems that are facing our country: Meth, Cocaine, Heroin, and so on, rather than going after the "low hanging fruit", marijuana users, which are largely chosen simply for the ease of busts, and the profit available to cops for doing so.
It's all about priorities, and right now our lawmakers' top priorities are largely themselves, as evidenced by recent events.
GoodDear Sir/madam,
Greetings to you who are highly favoured may the lord God Almight be with you Amen. My name is george Ochonogor,im from Delta State Nigeria,am 24years old
boy,I have no family i lost my whole family during the crisis which they fought seriously in Delta state in the year 1999,i have no father,mother,sister or brother,they where burned alive by the ijaws youth during the crisis. Good grief! I hope my ijaws don't set on fire - sounds damn painful.
I was the only one who God survived in my family since then i have nothing in this world all of our property where burned complete including my whole family right now i am alone in this world suffering and begging.i lost my education career because there is no one to pay my school fees,i dont have home to live and no good clothes to wear,i begged to eat right now there is no one i can call for help.
i am now a worthless beggar. Who can afford Internet access. please i really want you to help me with anything you have for me.in fact if there is anyway you can used to help me it will be great.you can help me your old clothes which you are not wearing anylonger,please look at my situation and the pains which im going through in world and help me.
I have no family to help me that is why im here begging you to help me. it is written in the book of {matthew chapter 7verse 7 it says "ask and it will be given unto you,seek and you will find,knock and the door will be opened to you"}so you can help me with anything at all and the Lord will surely blessed you as you help Amen.
I wish my parents are alived i would have finished my education by now. Help in the name of God, please i really rely on your help and i wait for your reply.thanks for you assitance
N.B YOU CAN HELP ME WITH CLOTHES THAT YOU NO LONGER WEAR,YOU CAN SPONSOR ME TO ANY OPHANGE HOME,OR YOU CAN ALSO ASSIT ME WITH ANY AMOUNT OF MONEY TO COMPLETE MY EDUCATION OR YOU CAN TAKE ME AS YOUR SON OR HOUSE HELP. GOD BLESS FOR EVERTHING YOU DO.AMEM
"It is the mark of an educated mind to be able to entertain a thought without accepting it."
Probably piracy makes up 90% of their numbers, and we know that the RIAA, MPAA, and their proxies world-wide probably over-estimate their figures by claiming that everyone who downloads something will not buy it. The article doesn't show the numbers breakdown...
ttyl
Farrell
CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
So if there are these IT Cartels, who do we have defending us against them? Keanu Reeves? Yikes.... NoMorePoints.com
Maybe the test should say: "IF you had an account with the following entities, would you consider this a genuine or a fake email from them?"
Find the link they want you to click. Hover your mouse over it. If it doesn't go to where it says it goes, it's fraud. Now if we can only teach the other 200 million uninformed, we'll be all set.
That 4% number seems rather suspect to me.
If you take a look at the survey it not only checks to see if you can spot a fraud, but if you can spot a legitimate email too, and marking a legitimate email as a fraud, which in real world terms is harmless, is given the same penalty as marking a fraudulent email as legitimate... Even in the explanation they say that the message had red flag yet was legitimate, so what's supposed to be the lesson learned here? That users also have a hard time spotting legitimate emails?
Yes, it's terrible new people have moved into the neighborhood. I'd like to introduce you to my coworker - she started out hard-wiring programs into an IBM in the 60's.
Now any fool who can type can come along and they don't even have to hand-assemble their programs! Sheesh!
The revolution will NOT be televised.
It's little more than a scam to get you to buy their anti-phishing products. I scored a 70% which surprised me given that
a. I have never received mail from any of those institutions, so I have no idea what a "legit" email looks like / how it's worded.
b. I cannot see where the links go
c. I cannot see the header
d. Cannot check if the links have a legit/valid SSL certificate
Given that information, I know I could pass the test with flying colors.
Or maybe what you meant to say was 'fund rich capitalists'.
So for all of us who are busy googling for this person, the name is not Valerie McNiven, but Valerie McNevin. She is a lawyer, worked for the state of Colorado in about 2002 and then for the World Bank and is now with a private company, Cybrinth, LLC which does consulting on cyber crime. The Reuters correspondent did not bother to reveal this.
The article itself is rather confusing - he is actually claiming that cybercrime is perpetrated by "idle youths looking for quick gain"? In the Third World?? And just for fun, once the Reuters dispatch gets rewritten, she turns into a cybercrime guru...
Now, how she gets the number of more than $100 bn being made by cybercrime, I have no idea. I guess it includes the $40 bn revenue Microsoft makes each year...
...is to legalize cybercrime.
Hey man I'm a tech junkie, got any stuff? Stuff that matters?
I would think if that included spamming it would be a little bit misleading. Sure spam is dirty and lame, but I wouldn't go so far as calling it a crime. Wonder if it also includes "warez", where the companies tally up every download as a lost sale.
I know, I know. I should RTFA. But I'm not gonna.
The right combination of anti-US or anti-MS commentary will get you instant karma.
Well, first of all, "ARRHGHGHGHGHGHHHHH the tinfoil hat, it BURRRNNSSS", and
Secondly, if we raised the barrier of entry to the internet to require programming certifications, we would not need to worry about the worms and virii, because anybody worth their certification would have far less of a likelihood of having a problem with such things, and the virii would have much less shelter to propagate from.
Third, how are you going to make it that only licensed people are allowed to program? Seize the computer of anybody who tries to write a program? Make compilers and assemblers highly contraband and only allow licensed individuals to have them? Shut down internet based tutorials for programming languages because they are not officially approved by the certification body, and we can't allow people to learn basic programming on their own? Fourth, what the hell good would educating bus passengers do? Educated computer users ARE better at avoiding worms and virii, are educated bus passengers gonna be better at preventing crashes? I would like to know how that works. Using an electrical outlet to plug in an electronic device is nowhere near what an electrician is supposed to train for, and knowing not to click on the "PUNCH TEH MONKEY AND WIN $999999999 $$$$$ DOLLLARS!!!!" flash ads, is nothing near coding.
Your post frightens me severely, and I sincerely hope that this is not a majority opinion.
Hmmm, How are we going to classify the drug trade when it goes online?
only 4% of Internet users can flag 100% of phishing e-mails
I took the test the linked-to article cited as the source of data for that 4% claim. I only scored 80%. Does that mean I flagged only 80% of phish attempts? No, it doesn't. I flagged 100% of the phishing attempts as exactly what they were.
I had two false-positives, which lowered my score. But false-positives are quite a bit safer than false-negatives. In each case, the 'legitimate' email linked to different domains than the origin; the one from Bank of America linked to bankofamerica1.com, and the one from CapitalOne linked to a really odd domain, bfi0.com. That second one is a *huge* red flag, regardless of the content of the email, you'd have to be very trusting or do some extra research in order to *not* flag it as a phishing attempt.
Only 4% of users might score a 100% on that quiz, but that's not at all the same thing as saying that only 4% of users can't flag all phishing scams as such.
The test was also not entirely fair since it only showed images of the emails. For this kind of thing, I always hit view source, and read the headers and the markup before making a decision - and then usually go to the site by typing in the address and logging in manually, rather than clicking on a link.
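An added example, not part of any comment in this thread: the link checks commenters describe above (does a link go where its text says it goes, and does it stay on the sender's domain), sketched in Python. The message and every domain in it are constructed, and `site()` is a naive last-two-labels helper assumed here in place of a Public Suffix List lookup.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message; every domain is a reserved placeholder.
SAMPLE = """From: "Example Bank" <alerts@bank.example>
Content-Type: text/html; charset=utf-8

<a href="https://www.bank.example/statements">View statement</a>
<a href="http://bank-example1.test/login">https://www.bank.example/login</a>
<a href="https://mail.tracker.test/c?id=1">Unsubscribe</a>
"""

def site(host):
    """Naive registrable domain: last two labels (assumption, not PSL-aware)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(raw):
    """Return [(link host, [reasons])] for links that deserve a closer look."""
    msg = message_from_string(raw)
    sender = site(parseaddr(msg["From"] or "")[1].rpartition("@")[2])
    parser, findings = LinkCollector(), []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:
        host, reasons = urlparse(href).hostname or "", []
        url_like = " " not in text and "." in text   # visible text looks like a URL
        shown = urlparse(text if "://" in text else "//" + text).hostname if url_like else None
        if shown and site(shown) != site(host):
            reasons.append("text-mismatch")      # text names one site, href another
        if site(host) != sender:
            reasons.append("off-sender-domain")  # link leaves the From: domain
        if reasons:
            findings.append((host, reasons))
    return findings
```

`off-sender-domain` also fires on legitimate mail that links through a third-party host, so it is a prompt to look closer rather than a verdict.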
Phishing scams are not targeted at people like you. Most people have no clue how to read email headers. It is not easy. I admin a mail server, and sometimes I have to decipher what in the world is going on with a bounced mail sometimes, especially when bounced mails are another form of phishing. HTML source. That is well beyond most people as well. It looks scary, and like a foreign language. Typing in an address manually. The keyboard is not considered user friendly. It has too many buttons.
Oh. And I type my urls into google. I don't trust my typing any more than I trust a commercial mail from somebody.
How accurate can sales figures of illegal drugs and online fraudsters be? Do all drug dealers and fraudsters submit honest tax returns for their illegal sales?
Oh well, what the hell...
Both those should be scheduled substances, too... especially the latter.
The Admin and the Engineer
An email starting "Dear Network Solutions Customer" is a legitimate email?? No wonder only 4% of people pass that test.
This is mildly off topic, but the phishing problem may be close to near-extinction. I, a proud user of the Internet Explorer 7 Beta </glee> am happy to inform you that it has a "phishing filter." When you go to a site, it checks it against a database and will warn you if it's a known scam. If you think an unreported site is a scam, there's a little "report" button you click. So, with any luck, only the stupid who disregard an explicit popup warning telling them they're about to hand over their soul to a Nigerian will fall victim to phishing.
By the way, any idea if Firefox will implement something like this?
DATABASE WOW WOW
... I thought this implied that online drug dealing was making greater profits than the bricks'n'mortar drug dealer.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
the world would be a better place
HP, Epson, Canon and other inkjet printer manufacturers reported record profits on 5.5 picoliter inkjet replacement cartridges. Several spokesmen said their companies have plans to make even smaller cartridges, that will sell for the same price. One company VP was overheard stating, "it's already worth more than cocaine, now if we can make it worth more than gold ..."
I gave up thinking of a cool sig
it's probably a skewed statistic that includes the "losses" due to "piracy", which as everyone here knows is a load of bullshit
Yes, legalizing drugs would lead to some medical problems, because some people have trouble handling them, but the free-market price of opiate addiction is cheaper than a cigarette habit, so addicts wouldn't have to resort to crime to fund it, and they'd be able to get pure enough drugs that fewer people would be overdosing because of random quality or getting HIV and other drugs because of sharing needles. (And marijuana's cost is entirely because of the black market - the stuff's a weed that grows anywhere you can grow tomatoes, so it ought to cost about $1/pound when it's in season.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I just took the referenced phishing test. Here's one of the answers, along with an explanation. Read it, and then tell me you think this test is legitimate: http://www.mailfrontier.com/quiztest2/answers/why_q9.html
I sure as hell can't see the headers.
Ever since phishing got popular I started always showing full headers, not displaying html, and not autodisplaying images in email. Now, instead of getting phishing attacks, I get the interesting poetry that they use to get past the spam filters. Some of it is quite good and answers the age old question of whether a machine can create art.
Very little email that I want includes html that I want to see rendered, or pictures that I want displayed without warning. Combined with showing full headers it's pretty phish proof.
This "only 4 percent of users can spot a phished e-mail 100 percent of the time" thing is bogus anyway: that test is flawed:
1. You can't see the message headers or underlying message source. This can be very important when trying to figure out whether something is legitimate or not;
and also, more importantly
2. There is no context for the message. If you have no relationship with $BANK, then *any* message from $BANK is a phishing scam (or advertising, which is just as bad, I guess). You don't *need* to be able to identify it as 'phish' or not from looking at the message.
"If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
Osama Bin Laden alone is/was worth several hundred million dollars.
According to Cringely, the solution to the problem would be for everybody to give the phishers bogus information. Bogus credit-card numbers etc. If thousands of people did that, the phishers would be frustrated out of existence, or maybe even caught.
I've tried this once or twice, but I'm too lazy to keep it up.
The only way to consistently determine if an email is real or a well fashioned phishing attempt is to look at the link addresses. This test doesn't give you any of the info that a real email would have so the test only collects data about nothing. Give us a real test and then the percentages would be interesting.
The pointed to Phishing IQ Test is, at least to my ideas, bogus.
I identify phishing e-mail by looking at headers, link URLs, etc.
The test e-mails were screen shots where URLs were dead and headers were missing.
-kb
Yes, we all know that the internet was invented on August 6, 1991. That's when we celebrate Intarweb Day across the word (wide web).
Gee, what's that sound? WHOOOSH!
It's not offtopic, dumbass. It's orthogonal.
I kid you not -- my last mod point expired just as I loaded and read this post.
So frustrating!