Phishing Is a Minimum-Wage Job

rohitm918 writes "A study by Microsoft Research concludes that phishers make very little (PDF): '...low-skill jobs pay like low-skill jobs, whether the activity is legal or not.' They also find that the Gartner numbers that everyone quotes ($3.2B/year etc) are rubbish, off by a factor of 50. 'Even though it harvests "free money," phishing generates total revenue equal to the total costs incurred by the actors. Each participant earns, on average, only as much as he would have made in the opportunities he gave up elsewhere. As the total phishing effort increases the total phishing revenue declines: the harder individual phishers try the worse their collective situation gets. As a consequence, increasing effort is a sign of failure rather than of success.'"

So that's what they do...

[Garridan]

I always wondered what the remaining 5% of computer science majors did, who didn't end up working minimum wage jobs at McBurger Queen...

Re:So that's what they do...

[Anthony_Cargile]

Oh yes, the article makes it sound like they'd rather apply at Wal*Mart for shelf-stocking rather than phish, but honestly - having a myspace password or five is probably less paying than stocking shelves and fetching (or pretending to fetch) an item or two every now and then. And IMHO, Wal*Mart stockers (at least in my area) are probably more competent than most phishers, at least from the obvious fakes I've seen.

Sorry if I was an insensitive clod and offended any /.ers that happen to stock shelves for a living.

Re:So that's what they do...

Willing to steal from people, and at a low wage to boot. What wonderful people. The lowest 5% of comp sci majors you say? Note to self: Never piss off someone who's pulling a D in Programming 101 in a dark alley.

Re:So that's what they do...

[Anthony_Cargile]

...pulling a D in Programming 101...

For some reason, my tired eyes read that as "someone programming in D", and I thought to myself, "When did D become a huge hax0r language all of the sudden?" Because everyone knows the real black hats use M!

Re:So that's what they do...

[morgan_greywolf]

Hey! I'm an insensitive clod who makes fun of people who happen to stock shelves for a living, you insensitive clod!

Re:So that's what they do...

[holywarrior21c]

Good thing that they are not forming phising union and do strike all the effing time

Re:So that's what they do...

They just don't know what to do with their business -- they should steal it and sell it back to them.

Re:So that's what they do...

[jonbryce]

Yes. I got an email from the Financial Services Authority the other day asking me for my bank details due to some sort of security alert. I'm not even sure which bank I was supposed to enter them for. Needless to say the site didn't go anywhere near fsa.gov.uk.

Minimum wage in the US

[Dyinobal]

Minimum wage in the US perhaps but when the phishers live in a country with a higher exchange rate. They can be making considerably more than minimum wage in their own country. Infact I bet you could work and also do some phishing on the side (just like granddad use to do).

Re:Minimum wage in the US

[teh+moges]

If you read the article (which no-one ever does, but just in case you get modded insightful by a mod who didn't either), you'll see that minimum wage is a relative term.
The pool of phishing money is (more or less) static, so when more people start phishing (which happens as it becomes easier), the available money per phisher goes down until its not worth it. If this is less then the minimum wage, then people wouldn't do it, if its more, then more people do it. Hence it stabilizes around that mark. This is also one of the reasons why there are more phishers in poorer nations.

Re:Minimum wage in the US

[Shakrai]

This is also one of the reasons why there are more phishers in poorer nations.

Don't worry, Obama is gonna fix that. He'll pass tax incentives to help encourage businessmen to keep those phishing and bot-net writing jobs here in America ;)

Re:Minimum wage in the US

There ya have it folks! Eliminate the minimum wage and you'll eliminate spam!

Re:Minimum wage in the US

[martin-boundary]

There's no evidence that the pool of phishing money is static, it's *assumed* by the article (section 4.4) based on some arbitrarily fixed small fraction of estimated numbers of web surfers being phished (0.37%).

Now, if you pretend that X amount of money must be shared by phishers no matter what, then it makes sense that more phishers means smaller returns for each on average. Of course, that doesn't mean that "superstar" phishers couldn't be increasing their share at the expense of "average" phishers, and it doesn't even allow for the possibility that more overall phishing activity can increase the phishing money pool by raising the number (0.37%) of web surfers who get scammed globally.

Re:Minimum wage in the US

[elloGov]

which no-one ever does, but just in case you get modded insightful by a mod who didn't either

I'm particularly interested in the headline and the great summary. It's nostalgic to see Tech Giants conducting behavioral interdisciplinary studies to apply to the information industry. Furthermore, the subtle taste of a public showdown with a lot undertone and hushes is a bit all too familiar and all too ironic (Microsoft behaving like an oligarchical government.) Frankly, you are just too damn pissed off that you read 12 pages of that shit. :_o)

Re:Minimum wage in the US

[Dpaladin]

This principle in economics is called market equilibrium. Supply and demand applies kind of oddly to this situation. You would say that the employers are the people who get phished, and that, as you point out, there's a finite amount of money in it. So we have the supply (S) of phishers offering their services, and the demand (D) for said services (D). When S increases, D decreases because, "No thank you; I got phished yesterday." So the average wage per phisher goes down.

But in all seriousness, some of these guys probably make decent money. It's even more difficult than average to claim that you have an accurate picture of the situation, as it's not exactly public information until you catch one of them. A phisher that is. Not a phish.

Re:Minimum wage in the US

I modded him insightful just to spite you.

http://img141.imageshack.us/img141/5945/insightfulpk4.png

Re:Minimum wage in the US

[Dox96]

I know you're trying to be funny, but logic dictates the exact opposite. Assuming that phishers would rather do ordinary work if it pays better, then the higher the minimum wage, then the number of phishers would be reduced until the amount received from phishing increases above the minimum wage.

Eliminating the minimum wage does the opposite - the number of phishers would increase until the return is reduced to such a level that they can't eat. At some point the amount of new phishers entering the phishing industry balances out with the number of phishers dying from starvation and you achieve equilibrium.

So there you have it - the higher the minimum wage, the lower the phishing; and conversely the lower the minimum wage, the higher the phishing. QED. :-)

Re:Minimum wage in the US

[Dox96]

Actually the article does address this - it states that statistics show that about 66% of the population have already been attacked by phishers (section 4.1.1), and that therefore there is limited scope for the expansion of the phishing industry.

Re:Minimum wage in the US

[martin-boundary]

Those 66% are quoted Gartner estimates from 2006 in ref[13]. The funny thing is that refs 12-14 are Gartner reports, and TFA criticizes their methodology (including [13]) in sections 5.1.4 and 4.2.2, because they don't actually want to accept Gartner's findings of large statistical differences over the years studied. Seems like picking and choosing to me.

Re:Minimum wage in the US

[mianne]

Yes, if you can't hack it in a Bangalore call center, phishing is probably more profitable than begging on the streets.

Re:Minimum wage in the US

[Bastard+of+Subhumani]

about 66% of the population have already been attacked by phishers (section 4.1.1), and that therefore there is limited scope for the expansion of the phishing industry.

Is phishing like measles - once you've had it, you can't get it again?

Re:Minimum wage in the US

[Talderas]

At some point the amount of new phishers entering the phishing industry balances out with the number of phishers dying from starvation and you achieve equilibrium.

Wouldn't this be a good thing? You get blights on society destroying themselves. This means one of two things the ones that continue to die out are the new and bad ones, leaving only the good ones to fester, or the old ones die out as the new ones will accept lower payments, thus taking talent out of the phishing pool.

It's a win-win either way.

Re:Minimum wage in the US

[CodeHog]

I want to state for the record that I claim copyright to 'Obama will fix it' slogan. It's mine but you can use it.

Re:Minimum wage in the US

[phedre]

This is all utterly ridiculous anyway. I've seen too many people unwilling to do LEGAL forms of work, when even a day labor job or a McDonald's job would bring in more money than they have now. Simply put, they would rather be broke than put in a days work.

Re:Minimum wage in the US

[jonbryce]

I would have thought the pool of phishing money would decline over time.

When I get about 10 email per day from various banks asking for my login details, I very quickly learn to ignore all of them, and even if I didn't, am I going to respond to every single email from Abbey National or Lloyds TSB?

No more phish!

[Notabadguy]

Everyone knows that if you overphish a stream, there's no phish left for everyone else. Its a classic case of resource depletion!

Re:No more phish!

people should learn... there's plenty of jobs as pharmers and phlorists... or even phirephighters

Re:No more phish!

That's... phenomenal! Oh wait...

Need a new plan

[jerep]

Damn, and I had just planned to enter the phishing business for a quick buck..

Re:Need a new plan

[slugtastic]

Being a drug dealer at the night clubs is a worthwhile alternative.

Re:Need a new plan

[jerep]

How did you know?!

oh wait..

Re:Need a new plan

[bunratty]

Haven't you heard? Microsoft has shown that jobs that require low skill pay a low wage, whether it's legal or not. So drug dealers all make near minimum wage.

Re:Need a new plan

Exactly, same thing with bank robbery and insider trading!

Re:Need a new plan

[slugtastic]

Are you suggesting that drug dealing needs no skills? Seriously!? You know how hard it is to make pretty, geeky girls to try their first extazy? No sir, its not as easy as it sounds.And then you need to also worry about the Police.

Re:Need a new plan

[quote]pretty, geeky girls[/quote]

Statistics are meaningless when the sample sizes are so low.

Re:Need a new plan

[Missing_dc]

Actually, A friend of mine was a marketing intern and turned to "slangin" as he called it. He made quite a bit of cash off the "nickle and dimers" by doing a little market analysis and identifying the non-public congregation points thereby raising his return on time and lowering his risk of being caught since most everyone there knew and could vouch for everyone else, then selling to them exclusively. He became known for delivering the desired goods in a far more timely fashion than could be acquired elsewhere and made those congregation points far more popular in the process. It was interesting to watch this occur. I observed for more than a year and rather enjoyed the constant female attention his customers lavished, you can probably see how that would work, the more you hang out with the supplier, the more deals you get.... In real life, he made a little over minimum wage, and oddly was my boss, then my employee.

Sigh, college life, how we miss you...

Re:Need a new plan

[kzieli]

Please read Chapter 3 of Freakonomics or at least the synopsis on Wikipedia. Short answer dealers get to handle a lot of money in much the same way as bank tellers do. They don't get to keep all that much,

Re:Need a new plan

[morgan_greywolf]

Ummmmmmmm.....not quite. Depends on what you're selling and who you're selling it to. While Freakonomics covers crack dealers, crack isn't really all that lucrative. I personally know at least 5 different people -- none of whom know each other beyond acquaintance -- who at various times made a killing selling (primarily) marijuana. None of those people would have sold an ounce of crack, mostly for the reasons outlined in Freakonomics.

Re:Need a new plan

-- who at various times made a killing selling (primarily) marijuana.
Of course this is the one good method to get money out of drugs. You track the local drug dealer, learn where he lives, at what point does he have the most drug on him. Then you ambush him in a dark alley in his usual route. Kill him and take his drugs for free. Sell all your newly acquired drugs to a different drug dealer and disappear. Move to a different area and repeat again.
IANAL, this method could be patented and/or illegal in your jurisdiction.

Re:Need a new plan

[YourExperiment]

You mean become a pharmacist?

Re:Need a new plan

[kzieli]

Hmm ... can you patent illegal business models and then sue the Mob for infringing on your patents? A Method for distribution of a contraband substance. Oh the possibilities ...

Re:Need a new plan

[Blkdeath]

Ummmmmmmm.....not quite. Depends on what you're selling and who you're selling it to. While Freakonomics covers crack dealers, crack isn't really all that lucrative. I personally know at least 5 different people -- none of whom know each other beyond acquaintance -- who at various times made a killing selling (primarily) marijuana. None of those people would have sold an ounce of crack, mostly for the reasons outlined in Freakonomics.

So do I. One such dealer wound up taking on a financial partner who wanted to sample just about as much as they were selling so the cut product was barely covering the cost of acquisition. Essentially they were snorting for free. Another infamous dealer in the same area who dealt only in marijuana had purchased several large, lavish luxury items and always had a large quantity of cash on hand. Then he got busted and lost everything he owned in the name of proceeds of crime. AFAIK he's still cooling his heels behind bars.

The biggest problem with your statement and the drug business in general is law enforcement, risk, and market factors. Believe it or not there are several very heavy market forces that affect the drug trade. Major busts drive the price up at the dealer level primarily because it's driven up at the supplier level. If you happened to be fortuitous enough to stock up large before a major bust and you cut and weigh your product smartly you can briefly cash in, but then the supply chain dries up and you spend all your money re-upping the next time anyways. Customers are also fickle creatures. As soon as you don't have product you stop being the go-to-guy. Next thing you know you're sitting on lots of product and the phone ain't ringing.

When you average out the income of a typical drug dealer and assume they can actually manage to operate for more than 5-10 years without being caught, I think you'll find they don't make too much more than a mid-level factory worker. Their biggest benefit is the fact that their money is all tax-free so they don't lose a cut to the gummint. Then again, most mid-level factory workers don't have to look over their shoulders as they punch the clock. :)

Re:Need a new plan

[Uzuri]

The biggest possibility is likely to be you getting a nice new pair of cement shoes...

Not really all that big a surprise

[Sycraft-fu]

I mean for one thing, a lot of crime really doesn't pay well. Sometimes even less than a minimum wage job. I remember a few years ago there was a problem of newspaper machines getting broken in to and the change stolen. They finally caught the guy and estimated he'd been making well less than minimum wage. It wasn't a trivial job to get in them and it isn't as though a ton of papers are sold from those. While there certainly are criminals who make bank (like drug lords) often you'll find that really criminals would do just as well to get honest work.

Another thing is that you are talking about something where your success rate is very low, and even when you do have a success in terms of getting info, you don't necessarily get anything with it. Just because you steal someone's account and try to use it, doesn't mean it works. For example I had my credit card stolen. Wasn't a phishing scam, just someone that had got a hold of the number, but either way they had it. As soon as they tried to order something, I noticed. I had the card disabled, the merchant stopped shipment on the goods, and so on. The thief didn't get squat. So even though they were successful in getting my card, they weren't successful in getting anything with it.

So all in all ti doesn't surprise me that phishing is a low paying job. You aren't going to get many bites, some of the ones you DO get will be fake (I love filling out phishing forms with fake data), and even when you do get legit info, you might not get to use it.

Re:Not really all that big a surprise

[piltdownman84]

Very true, I know a guy who sells pot. He is always bragging about how much money he makes. I always have a good laugh on the inside because the amount is pretty low. Sure he is making more money than the kids at burger king, but he is in his mid twenties.

Re:Not really all that big a surprise

[Garridan]

I think a large part of the problem is, these people are crooked. Stealing out of newspaper machines? Pretty damned low. Chances are, you give a job like that, and he's going to steal from you, too -- so you fire him within a week. Unemployable, he continues stealing until he gets a nailed and sent to jail where he doesn't have to pay rent. So really, sometimes these guys are just doing whatever they can to make a buck.

Re:Not really all that big a surprise

Does he pay tax on his earnings ?

Re:Not really all that big a surprise

[Shakrai]

Very true, I know a guy who sells pot. He is always bragging about how much money he makes

If he's selling drugs (even something as harmless as pot) while running around town bragging about it, he's likely to discover that his cost of doing business will be going up soon.....

I'm not a big fan of a war on drugs but I don't have much sympathy for someone that mind numbingly stupid either. I always used to suspect that a friend of mine had a grow-operation going on -- but I never asked and she never told. If you are going to get involved in anything like that the first rule you learn is to keep your fucking mouth shut.

Re:Not really all that big a surprise

The second rule is: You get out before you're big enough to be worth taking down.

Even if you're just gonna set up shop somewhere else. And hope to hell there isn't someone more violent and territorial who'll want to make an example out of you.

Re:Not really all that big a surprise

[Shakrai]

The second rule is: You get out before you're big enough to be worth taking down.

I wouldn't have the balls to get into dealing. The risk to reward ratio just isn't there for pot and I don't believe in any of the harder stuff.

Re:Not really all that big a surprise

[PCM2]

I wouldn't have the balls to get into dealing. The risk to reward ratio just isn't there for pot and I don't believe in any of the harder stuff.

On the other hand, the risk seems pretty low. Most pot dealers don't stand on a streetcorner, and many don't even advertise. Business is all word of mouth, and most customers repeat once a month or more -- nice and predictable income. Maybe every once in a while a dealer will try to up-sell a customer some mushrooms, but that's about it. Overall, selling pot seems like a much less risky business proposition than opening a coffee shop.

Re:Not really all that big a surprise

[fishbowl]

"As soon as they tried to order something, I noticed. I had the card disabled, the merchant stopped shipment on the goods, and so on. The thief didn't get squat."

Didn't get caught either. Merchant should have shipped "the goods" and had federal marshals "deliver them".

Re:Not really all that big a surprise

[fishbowl]

>On the other hand, the risk seems pretty low.

Three words: Civil Asset Forfeiture.

Re:Not really all that big a surprise

My father used to smoke, grow and deal pot. While they're not hanging out on a street corner dealing, it is pretty obvious when someone is dealing pot by all the cars that frequent a house for periods of around 5-15 minutes. Also, once the cops are aware that you grow the stuff and do little else they'll regularly show up every couple of months to bust you. This was in South Australia where sufficiently small quantities of pot were considered personal use and you were fined and had said pot confiscated.

My father would have earned more money with an honest job for less of an emotional cost. The paranoia, the imaginary vast government conspiracies, rarely ever leaving the house. But a great deal of that was probably the alcohol and pot abuse.

Re:Not really all that big a surprise

[alexborges]

And that is because of the prohibition.

You speak truth, master PCM2.

Re:Not really all that big a surprise

[anglico]

Well in Humboldt, it's almost legal, as close as you can get without actually admitting it. Unless you have more than an ounce on you , you're not looking at a lot of trouble from police. They said in a TV special that if it weren't for the majority of cash from weed a lot of small business wouldn't have been started. The local weekly magazine did ANOTHER article on it last week:
http://www.northcoastjournal.com/issues/2009/01/01/new-years-eve/
What most people don't tell you about farming pot is the high electric bills, the risk of fires from those lights, the nutrients you need to grow good weed as well as the attention to the trimming and such to allow maximum light through. The paranoia of being found out is another detriment, like I said, an ounce or less and they will pretty much warn you. Unless of course you have baggies and a scale, nevermind a gun or two, those will get you in big trouble with just an ounce or not. You can make a lot of money, but like all businesses, the bigger you get the more people you got to hire, can you trust them are they even close to productive being a stoner. The locals say there are a lot of shallow graves up here because of the weed industry.

Re:Not really all that big a surprise

Location location location.

Just like a coffee shop.

Re:Not really all that big a surprise

[PCM2]

It's a little different these days here in California. Many traditional pot "dealers" are being phased out by the new medical marijuana industry. Most friends who buy the occasional eighth now just get it from one of their friends who smokes a whole lot more than they do. That friend will almost certainly have a "pot club card," and he'll just go in and buy a little extra to sell off to his friends in need.

Yes, if you have a card you can literally walk into a store and ask for the amount of weed you want to buy. And the selection is better than most traditional dealers ever had. Most have hash, hash oil, whatever you want -- even various pot-infused brownies and candies, many of which have amusing "stoney" labels based on other products/brands. (There is an actual legitimate medical rationale for this -- many of the people for whom the medical marijuana laws were intended, cancer patients and the like, have difficulty inhaling marijuana smoke and prefer to eat it.)

I don't smoke myself, so it's hard for me to judge whether this all seems as bizarre to longtime pot smokers as it does to me. But it beats the pants out of getting busted by the cops every few months.

BTW, your dad's scenario sounds a little more hardcore than any of the pot dealers I've known. Most of them had jobs. If high-margin drug sales as a profession is your bag, you'd be much better served as an in-call cocaine dealer. Hang around a bar or club, sell to the staff, then slowly develop a low-key clientele and don't sell to anyone you don't know.

Re:Not really all that big a surprise

[Neoprofin]

I would doubt it, even though the IRS requires him to report himself as a small business.

Then again, he also doesn't get health care or the 401(k).

Re:Not really all that big a surprise

[CarpetShark]

I mean for one thing, a lot of crime really doesn't pay well.

When it pays you well, your title is upgraded from "criminal" to "CEO".

But seriously... is this article even news? Socially destructive behaviour bites you in the ass eventually? Isn't that pretty much evolution 101?

Re:Not really all that big a surprise

[apoc.famine]

What's the chance I can start a LLC to sell weed? I mean, doing illegal things and avoiding jail time seems to work for most large corporations. What's the size/financial cutoff where I won't go to jail?

Re:Not really all that big a surprise

[tehcyder]

Overall, selling pot seems like a much less risky business proposition than opening a coffee shop.

Only if you don't count going to prison as a high risk.

Re:Not really all that big a surprise

Unless they were ordering hundred-thousand-dollar (if not more) items, there's no evidence that it would have been worth their time.

(I speak of is, not of ought.)

Re:Not really all that big a surprise

[sgtrock]

Move to California. :)

Re:Not really all that big a surprise

Yup, keep telling yourself that...

Re:Not really all that big a surprise

[sorak]

I hate to defend these people, but I would assume part of it is that you can either spend 8 hours a day at Walmart answering to somebody else, or you can spend less time somewhere breaking into a vending machine (or at home, setting up a fake bank website), working on your own schedule, not answering to anyone, getting the occasional thrill out of knowing that you just tricked (read outsmarted) someone, and make almost the same money.

Re:Not really all that big a surprise

[ibsteve2u]

On the other hand, if you combine the two businesses the uptick in donut sales should take the risk out of the coffee shop business.

Re:Not really all that big a surprise

[ultranova]

I think a large part of the problem is, these people are crooked. Stealing out of newspaper machines? Pretty damned low. Chances are, you give a job like that, and he's going to steal from you, too -- so you fire him within a week.

Or maybe he can't get a job because he has no job experience, and can get no job experience because he can get no job. Once the cycle goes on long enough, it becomes impossible to break it. I can well understand why someone would finally just say "fuck it" and become a criminal; it's the only door left open.

Tragedy of the suckers

[russotto]

So basically there are too many people trying to exploit a limited pool of suckers to make the endeavor profitable. So sad. However, I have a solution, check out my site at http://www.h0wtoph1sh.com.

Re:Tragedy of the suckers

[dmomo]

I tried to pay the $2.00 price for this solution by entering my Bank of America login and password as you required. But, I have yet to receive an email containing the information. Could you please send it again?

Phishing is Minimum Wage?

[Todd+Fisher]

Trey Anastasio seems to have made a pretty good living at it.

Re:Phishing is Minimum Wage?

[zifferent]

If only I had mod points.

Re:Phishing is Minimum Wage?

[zifferent]

Wow what a waste of a mod-point. Way to go.

Crime doesn't pay

[ecloud]

...and neither does farming!

(slogan I saw on a baseball cap as a kid, maybe 25 years ago. One of my grandpa's buddies was wearing it.)

I don't think so...

Just send me your bank details and I'll compare our earnings.

That's actually waht they argue

[Sycraft-fu]

If you read their paper.

Also it is even worse, when you get down to it: People (contrary to evidence some times) have the capacity to learn. As phishing becomes a bigger problem, there's more news on it, more efforts to educate people about it and so on. So the pool of candidates shrinks. Likewise some companies start implementing technologies that make it hard/impossible to do (Paypal has a secure ID token you can get now for example).

So it isn't just a case of depleting the pool of dollars belonging to the people who can get phished, it is also a case of less people being available to be phished. While you'll certainly never educate everyone, I'd say awareness of phishing is much higher these days and many more people take care to protect their information.

Re:That's actually waht they argue

[Martin+Blank]

Tokens don't make phishing impossible or even really hard. You just have to set up an additional layer that checks for varying passwords. If two passwords in a row are significantly different while also being the same length, it's probably a token, in which case you grab a couple of them, let the user in with the first (saving the password until the third attempt), and then sign in on your own to do whatever.

Session attribute checks (such as those used by Chase) can further increase the difficulty, but if someone falls for a phishing scam, there's a good chance that they're not noticing that you're doing a MITM attack.

Re:That's actually waht they argue

[gujo-odori]

I'm own the anti-phishing rules at a well-known email security company, and while I agree with the principle that over-phishing is causing problems, as it does with fishing (although as with phishing, the best phishers are catching a lot more phish than the worst pishers), I don't think very many people are doing much more to protect their information. What does seem to happen, though, is that - just as with fish that see lures dragged in front of them all day long - people are coming to think everything is a fraud (I see legit bank emails reported as phishing all the time). Some of them, anyway. I also see a lot of correspondence threads in which people have already handed over money to 419ers or are preparing to do so.

And of course, phishers are also diversifying somewhat. Earlier this year, account credential phishing became popular. The goal: not immediate financial reward via account plunder, but to get access to a legit login on a host with a good email reputation for the purpose of either using it to send fraudulent email, or using it to send regular spam for hire.

Financial losses continue to be high, and I'm not convinced that the 3.2 billion figure is off by a factor of 50, even if it might be on the high side. But earnings by the theoretical average phisher? Yeah, they've got to be off. There are so many phishers these days, so many people are deluged by phishing attempts, and at least for those who have a good spam filter, a figure north of 99% of those phishing attempts don't make it to the inbox anyway.

The ones that get me are the people who release blatant phishing from quarantine. I'd love to know how many of them later respond and get phished. I suspect that number is rather high.

And then there are the money mule scams. People fall for those all the time. The phish aren't getting that much smarter, as far as I can tell.

Re:That's actually waht they argue

[bluefoxlucid]

Fail. Your log-in is timestamped. It must both be the current token value AND not be during the same token window as the previous log-in. In other words, each token becomes invalid when the next is ready; and each can only be used once.

Re:That's actually waht they argue

Who own the grammar rules ?

>>I'm own the anti-phishing rules

Re:That's actually waht they argue

[Eivind]

That fails to work with most sensibly designed token-systems, because there's either a timestamp involved, or the tokens are required in a certain sequence.

For example, to log into my bank, I need to enter my account-number and pin, then it'll ask me for say token #37, which I can get from the token-thing. If a phisher got my pin and account-number and somehow convinced me to enter a few tokens, he'd still have low odds of suceeding, because he doesn't KNOW which tokens to ask me for, since he doesn't know which ones the bank will ask for next time.

He can MITM-it offcourse, but even this is tricky since a user-side SSL-certificate is used, he could get this, but it requires 3 tokens and most people would get suspicious since normal logins normally only require a single one.

Re:That's actually waht they argue

Grammar Hitler

Re:That's actually waht they argue

[Martin+Blank]

In the simplest form, you intercept two, not letting either through directly, then you send the first one when receiving the second one, and save the second one for your own login. This is exactly how phishers got around a European bank that used a list of OTPs. Depending on the OTP generation method, you may be limited on the timespan in which you can use it, but even time-synced token numbers are valid for a time range to account for clock drift in the tokens.

Re:FP?

[Anthony_Cargile]

Yes, you have the first post, but edit your hosts file to point slashdot.org to 69.16.232.239, then log in with your username and password and comment for yet another first post! I promise it'll be worth your while, just like your twitter is!

And in case your browser does not stop you, do NOT actually log in to the access-login page above, unless you drool and make funny noises. And the IP used for the hosts file joke was random and does not VHost-phish slashdot.org. Disclaimers suck, don't they?

Yeah, Right...

[blcamp]

Phishers don't make squat. Right. Because obviously it's not as profitable as working at the local oil change shop, or at Wally World.

I'd like to see 419 examples of how Nigerian scammers don't make money.

Re:Yeah, Right...

I have the 419 examples you requested, but I need $3000 to get them through customs.

Re:Yeah, Right...

And you are backing up your claim with what evidence? And Nigerian scammers only exist because a scammer makes more than other Nigerians.

Re:Yeah, Right...

[Pompatus]

It probably would be more profitable working at the local oil change shop or at walmart, but I doubt those places exist (at least in the way you think of them) in nigeria. Also, if you look at the GDP per capita of the United States and Nigeria you'll notice that the small amount of money made phishing is much more valuable in nigeria than it is in the united states.

Economically rational, isn't.

[QuantumG]

You have the choice:

1. earn minimum wage at McDonalds
2. earn less than minimum wage selling drugs

Which do you choose? Selling drugs of course. Why? Cause you've got respect for yourself and refuse to work a demeaning job.

Before you object, whether or not you agree that working at McDonalds is demeaning is irrelevant. Many, many, many women have been given the choice:

1. work as a stripper
2. work as a waitress

and decided that working as a waitress is less demeaning than working as a stripper. You may disagree with that, also but that's also irrelevant. The facts are that you can make a lot more money working as a stripper than as a waitress, and yet so many people choose not to.

The economically rational human is a myth.

Re:Economically rational, isn't.

[fred+fleenblat]

Just assign a value to, or create a market for, the lost self-respect and you're back in business from an economics standpoint.

Re:Economically rational, isn't.

[rossz]

It's not a question of most women not wanting to work as strippers, it's a simple fact that most women could never make a living as a stripper. The majority of people (both men and women) do not look all that good naked.

Re:Economically rational, isn't.

[QuantumG]

Hehe.. why do you think women get paid more to be strippers than to be waitresses? There already is a market for lost self-respect. People choose not to participate in it.

Re:Economically rational, isn't.

[homer_s]

You are fighting a strawman reg the 'economically rational human' - economics has as much to do with money as astronomy has to do with telescopes

Re:Economically rational, isn't.

[QuantumG]

Then those people are not presented with that opportunity. Thanks for finding something else irrelevant. You can always rely on Slashdot.

Re:Economically rational, isn't.

[Shakrai]

he majority of people (both men and women) do not look all that good naked.

The majority of strippers don't look all that good naked either ;) The novelty of the experience combined with low lightning and alcohol is usually enough to make up for this however.....

Re:Economically rational, isn't.

[grege222]

I recently heard Stephen Levitt (Freakonomics) speak, and he actually addressed your first example. It's actually the title example in his next book "Why Drug Dealers Live With Their Mothers." The gist of it being that while dealing drugs may make less money and certainly has more risk than McDonalds, their is greater opportunity for upward mobility. Just because you don't understand what's going on doesn't mean that it's irrational.

Re:Economically rational, isn't.

[BagOCrap]

Your point being that waiters and waitresses have no self respect?

Re:Economically rational, isn't.

[sentientbeing]

Speak for yourself. You aint seen this slashdotter naked, Honey.

Re:Economically rational, isn't.

[nirjhari]

But for M$FT, it is a perfectly rational approach to play down the concerns about malware, phishing, etc. Usual discourses about these issues usually end up at their door. As a corporate strategy, it makes more sense to get people to discuss ad nauseam about human virtues, strippers, drug dealers or for that matter about anything else, so long as the issue at hand stays muddled.

Re:Economically rational, isn't.

[QuantumG]

It's in Freakonomics. (clearly you didn't read it)

Re:Economically rational, isn't.

[Warll]

No, I think his point is that you have whore(d) reading comprehension.

Re:Economically rational, isn't.

[BagOCrap]

Pardon me, for not being at same level of comprehension as you. I thought this was ./ and no one would notice anyway.

Then again... If not waitresses, then strippers have no self respect? Either way, sounds like stereotyping to me.

Re:Economically rational, isn't.

[Belial6]

That completely ignores the fact that (with very few exceptions) all, all, all women are given the choice of:

1. Have sex with men for money and get another job to supplement that income. (This can include stripper or waitress)
2. Not have sex with men for money and get a job to supply their income.

The vast majority of women choose to have sex with men for cash, goods and/or services. Almost all of them know what they are doing, but there are FAR greater profit for the whole group if this is denied. The stripper is simply a little more honest about her business.

While some will take offense at that, there really is no reason. There are very good biological reasons for how our culture came to have prostitution as a common activity, and very good cultural reasons that it become something that was taboo to speak of. Irrelevant to that, comparing waitresses to strippers is a waste of time if you don't take into account which of them are hookers and which ones are not.

Re:Economically rational, isn't.

At least in metropolitan areas outside the bible belt, "stripper" is not the pariah it was a generation ago. As a result there is fierce competition for the jobs. You are framing "stripper" as some sort of "last resort opportunity" but in reality, it's not that easy to get "exotic dancer" jobs.

Re:Economically rational, isn't.

ever notice that most strip joints have a significant lack of lighting...

Re:Economically rational, isn't.

[Shakrai]

You are framing "stripper" as some sort of "last resort opportunity"

Umm, I did no such thing. All I said was that most strippers don't really look all that good naked, at least in my experience. YMMV.

it's not that easy to get "exotic dancer" jobs.

Did I say it was?

Re:Economically rational, isn't.

http://imgs.xkcd.com/comics/words_that_end_in_gry.png

Re:Economically rational, isn't.

[alexborges]

Okay, my friend BagOCrap, here it is slowly explained:

a) Most strippers make more money than most waitresses

b) Not all woman CAN become strippers, but some (id say most) surely can.

c) For those that can, when the option is presented to them, they tend to choose being a waitress.

Why?

Because, even if working at a strip club is not illegal (necessarily), most women that could become strippers, decide its not a good career to have when compared to waiting tables... even if the pay is WAY, WAY better than in waiting tables.

It so follows that this women do not, at all, take the best-profit decision and thus, are economically irrational.

This train of thought is not all that bad, but it does suffer from this flaw: it is shortsighted in that it does not take into account oportunity costs. Most women, perhaps, want to have kids and they might view stripping as a somehow incompatible endeavor with their PTA meetings or taking care of their kids (actual or in the future).

Even if you make good money by stripping, most gated suburbian communities aint gonna take your career choice lightly and will probably signal both you and your family as undesirables.

This is sad, but peer pressure takes its toll.

Re:Economically rational, isn't.

The majority of strippers don't look good naked, but only the hot ones get to strip in good clubs on Friday night when it's packed.

Re:Economically rational, isn't.

[Chmcginn]

This is sad, but peer pressure takes its toll.

I'd rather have all truely consenual acts be legal, but some frowned upon by polite society, than have only 'proper' things be legal in the first place.

Re:Economically rational, isn't.

[McGiraf]

I don't want to see some of the waitresses naked.

Re:Economically rational, isn't.

[__aabvlw4075]

http://xkcd.com/169/

If you're going to link to xkcd, you should link to the page, not to the image. The mouseover text is usually half the fun.

Re:Economically rational, isn't.

[retchdog]

I remember my intern officemate once talking disrespectfully about some girl at a stripjoint. I don't have anything against this in-and-of-itself, as it is part of the implied service a stripper provides. However, he was in dire need of an Outlook Adjustment for a few other reasons...

So I told him how much the strippers at that establishment make (most of it under the table) for what is basically a part-time job, and he got real quiet. Then I asked him, since I knew he was under the same "patent transfer" arrangement I was, what exactly the difference was between selling your body and selling your mind, apart from the fact that you'll never get your ideas back, ever. He didn't talk to me much after that. Some people can't handle the truth I guess.

Back on-topic (sort of): if Steven Levitt (the Freakonomics guy) is to be trusted, most "foot soldiers" in the drug trade actually do pull a second job at McDonalds. He tells the story that they are similarly undignified jobs, except that one of them incurs a much larger probability of dying: http://www.ted.com/index.php/talks/steven_levitt_analyzes_crack_economics.html

Re:Economically rational, isn't.

[johanatan]

The vast majority of women choose to have sex with men for cash, goods and/or services.

You are including *married* women in that statement, right? If you weren't, I was going to add it!

Re:Economically rational, isn't.

[digitalunity]

Most courts do not make rational decisions in this respect, but sometimes they get it right.

http://bbs.clubplanet.com/clubbing-other-areas/285444-oregon-supreme-court-overturns-ban-live-sex-shows.html

Oregon is a great example of the court choosing freedom of expression over the very vocal religious conservatives.

Re:Economically rational, isn't.

[KingAlanI]

I obviously can't speak on anything related to strippers, but commercial foodservice at minimum wage can be demeaning too...and I only did ~10hrs/week for 1 year. [in the back loading the dishwasher and such, rather than out in front of customers, but I'd surmise a similar principle]

Sure, I can hypothesize that dirty work with sexual overtones carries *more* risk and unpleasantless (bad reputation, the often-lowlifes that you interact with on the job, etc.)

Re:Economically rational, isn't.

[DNS-and-BIND]

1. Who said humans are economically rational all the time? Seriously, who comes up with these straw men?

2. Working as a stripper is morally depraved and the industry is filled with slimy crooks who couldn't get jobs in the recording industry. If there was a job opening involving hooking up monkeys' brains to car batteries for research, and it paid more than the stripper job, then by your logic there would be a line of skanky women lined up for the interview on Monday morning.

Re:Economically rational, isn't.

[QuantumG]

Yes, that was my argument, thank you very much for repeating it.

Re:Economically rational, isn't.

[mcrbids]

The economically rational human is a myth.

No, it isn't. It's just that people value things other than just money.

For example, I am a skilled knowledge worker who's also well grounded in business operations, administration, and sales. I have had a number of opportunities over the past few years to make lots and lots of money - and yet I continue to stay where I'm at. Don't get me wrong - business is good where I'm at - but for me, the value of doing something altruistic as part of my job is something I get immense satisfaction from.

Let's be honest; I'm comfortable. Not "private Lear jet" comfortable, but "rent a private plane from time to time" comfortable. But not only do I get to be one of the best in my industry, but my works truly improve the quality of life for thousands of kids, each and every day.

And that's something I'll give lots for.

Glamor has value. If it didn't, the local uber-swanky restaurant would go out of business in a week. Also, see the iPod, which is, feature-for-feature, pulverized by the far-cheaper Creative Zen, but is more glamorous. Status has value. Why else do you think Sachs 5th Avenue is still in business?

Don't shrug your shoulders and conclude that people are just dumb; realize that intangibles that alter people's buying habits reflect people's values. Ex-hookers aren't worth much as wives. Somewhere, I read that a monogamous married man "pays" about $70,000 per year to have a non-ex-hooker wife in lost wages. This makes sense to me, because for me, and ex-hooker is a non-starter.

Re:Economically rational, isn't.

[justinlee37]

less than minimum wage selling drugs

I take it you've never sold drugs before.

Re:Economically rational, isn't.

[msormune]

Why do you say working as a stripper is a woman only job?

Re:Economically rational, isn't.

[QuantumG]

The economically rational human is a myth. [..] No, it isn't. It's just that people value things other than just money.

You're an idiot.

Re:Economically rational, isn't.

[Zephyr14z]

I don't know if you've ever known a drug dealer, but they're doing a hell of a lot better than minimum wage. Tax free too.

Re:Economically rational, isn't.

[azenpunk]

black lights can really show off a fresh c-section scar. for every strip club where most of the women are actually attractive, there's two across teh tracks where...well, not so much.

Re:Economically rational, isn't.

[Eivind]

It so follows that this women do not, at all, take the best-profit decision and thus, are economically irrational.

That follows if your definition of "economically rational" is always taking the decision with the best financial reward, without concern for other costs and rewards.

But I don't know anyone who even CLAIM that people are, or should be, rational in THIS silly sense of the word. More commonly people define a economically rational decision as making the choice that gives the best benefit/cost ratio. In other words, taking a job that you find pleasant, where you'll earn $X can be the rational choice even if you're offered an unpleasant job at $3*X, assuming the value you place on having the more pleastant job is higher than $2*X.

Re:Economically rational, isn't.

[meringuoid]

The economically rational human is a myth. [..] No, it isn't. It's just that people value things other than just money.

You're an idiot.

Not a bit of it, he's spot on. Money is of value solely insofar as it can be exchanged for stuff people want. For goods or services. Only a few nerdy numismatists value money for itself. The game of economics isn't a game of getting money - it's a game of getting stuff you want.

Now the thing is, once you get past basic essentials, what people want can be anything. Entirely up to you. Market economics assumes that people act rationally in how they go about obtaining what they want, but not in deciding what they want in the first place. You really really like Beanie babies? Wow, I've got a bunch of them off my aunt and I don't care for them much. It seems you assign a higher value to Beanie babies than I do. Let's trade! That's why we have an economy in the first place: different people for their own personal reasons assign different values to each commodity, and we all trade, giving away what we value less for what we value more.

So, if a certain person values some abstract called 'dignity' and feels that this would be lost if they took a particular job, then that job will have to offer them a premium to compensate for this. How large a premium it takes will depend on how high a value is put on 'dignity'. It's no different from someone who hates commuting weighing up whether it's worth taking that high-paying job that's thirty miles away, or the lower-paying one within walking distance. Whether it's worth it depends on just how much he hates commuting. So also whether the stripper job is worth it depends on how much you value your dignity.

Re:Economically rational, isn't.

[meringuoid]

This subject is gone into in greater detail in Sudhir Venkatesh's book Gang Leader for a Day - he's the source for the Freakonomics chapter on the economics of the drug trade, and after the success of that book he wrote up the whole story of his study of the underground economy and society.

Re:Economically rational, isn't.

[ciderVisor]

If there was a job opening involving hooking up monkeys' brains to car batteries for research, and it paid more than the stripper job...

Shit man, I'd do it for free ! Could you send me an application form ?

Re:Economically rational, isn't.

People don't just live to make money (most of us, anyways), we live to have the best lifes we can possible have, for a personally defined value of "best". Otherwise you wouldn't have free time (you could be moonlighting elsewhere, earning a second salary), nor would you have kids (they cost money), you'd live in a cardboard box to save on rent, and so on.

Everything we value in life has, well, some value, even if it's hard or impossible to put an exact amount to it. But working in a non-demeaning job has a value and we recognize it without having to know exactly how many dollars it's worth, and we take it into account when making our choices. Consider this inequation:

working as waitress > working as stripper > working as waitress and not being able to feed your kids

Re:Economically rational, isn't.

[tehcyder]

The economically rational human is a myth.

I agree, but I would say that the reason most people end up selling drugs (or whatever criminal activiy) is that it is easier, and most people are lazy.
You may not earn as much money selling drugs, but you probably only work a few hours a week compared with eight hours a day sweating into burger buns at Mickey D's.

Re:Economically rational, isn't.

[GreatBunzinni]

It's only a myth if you don't understand the basics behind decision theory and you fail to understand the most basic economic fact of all which is: money isn't the end all, be all element in economy, let alone life.

Re:Economically rational, isn't.

[Muad'Dave]

Don't forget the 'tax advantage' from being a drug dealer, and also the lack of retirement/health care. Those decisions must play a part in deciding on your future career.

There, you made me sound like a guidance counselor!

Re:Economically rational, isn't.

[russotto]

You also have to consider the loss of future opportunity. For example, a woman working her way through law school as a stripper is likely to have trouble finding employment with law firms who find out about her past (and they will, because the partners are likely to have frequented the strip joints).

Re:Economically rational, isn't.

The economically rational human is a myth.

"Economically rational"? What a stupid concept. It only has meaning if absolutely no other deciding factors exist.

I am a software developer. I could make more money as a doctor. However, I don't want to be a doctor, I don't think I'd be a good doctor, and I wouldn't enjoy being a doctor. On the other hand, I am good at developing software, I like developing software, and I want to be a software developer. So, am I "economically irrational"?

The "demeaning" aspect is a factor in your stripper example, but it is only one of many factors. Amount of money earned is nowhere near the only factor in deciding what job to take in any situation.

Re:Economically rational, isn't.

[NeoSkandranon]

Is it necessarily even a matter of self respect? Plenty of people make stupid economic decisions purely in the name of avoiding a day's work.

Re:Economically rational, isn't.

[alexborges]

Exactly what I meant when I wrote that it is a shortsighted vision of the problem.

Re:Economically rational, isn't.

[rossz]

If you are male, I have no desire to see you naked. If you are female, that would depend. So was that an offer?

Like drug dealing

[Tsu+Dho+Nimh]

For every dealer who makes big money, a lot of others are just scraping by, hoping to get that lucky break.

They'd do better with a real job.

Re:Like drug dealing

[BagOCrap]

Of course they would. But then again, they'd probably have to lay off the pot or crack in order to do so.

Re:Like drug dealing

[hairykrishna]

I think that drug dealing is the same as any other business. The smart, business savvy, guys can make a lot of money. The stupid and/or unambitious scrape by on near minimum wage. This is certainly supported by the dealers I have encountered.

Staying off the crack probably helps too.

Re:Like drug dealing

I am not sure it has much to do with a lucky break... From what I saw in college, there was always a thin line between making money and being over exposed. Things got around via word of mouth, but none of my friends who dabbled in it ever really advertised. I do know some guys who were starting to pull in some serious, at least in college student terms, money. One's house got robbed a few times, the campus police raided two other guys dorm rooms and ended their drug dealing and college careers after that.

To get any bigger, they would have had to amplify their risk, by becoming even more well known around town and also becoming a target for theft or possibly rivals.

I am not sure what kind of "break" they could have gotten that would have helped them out aside from getting some sort of police immunity.

Re:Like drug dealing

[gmyuriy]

It is irrelevant how much they make in a real job vs scamming. What do you do phishing? Find a list of emails and hit send button. What do you do for waiting, stripping, really working? Work your arss off. There is the choice.

Who funded this "independent" research"???

lol, just kidding

If its an industry of talentless hacks...

[hilather]

Why does the security industry have such a problem with it?

If phishing was a no talent game, there would be better detection methods built into web browsers to deal with it.

Phishing is always going to work. There are tons of stupid people out there, and even more that are intoxicated or high on something. Either way, its easy pickings.

Re:If its an industry of talentless hacks...

[BagOCrap]

Phishing is very primitive in most cases; elegant, and nearing true social engineering in some others.

Of course the security industry is frustrated about not being able to successfully fight back such simple or primitive methods. Automatically.

Re:If its an industry of talentless hacks...

Simple economics there. If it's not a problem then the security guys don't get paid. So you make a lot of noise and it's a huge problem, ding payday!

Negative PR

[macraig]

Nah... they just wanna demoralize the phishers so they'll give up and beg Microsoft to hire them for the $10 an hour they now know they're worth.

Bit off-topic

[postmortem]

How come Microsoft people are using Latex? The PDF from article is produced using tex (dvipdfm).

Perhaps open source is welcome even in Redmond.

Re:Bit off-topic

Microsoft != Microsoft Research

Re:Bit off-topic

[Farmer+Tim]

Perhaps were raided by the BSA for using unlicensed copies of Acrobat Distiller.

Hey, a man can dream...

Having taken Econ 101...

[fuzzyfuzzyfungus]

And thus being a perfect master of all questions of human economic activity(except for currency related theory, which is why I'm just going to parrot gold-standard talking points until we get to that chapter next semester in Econ 102) I have a solution!

Clearly, since phishing shows the classic signs of being a tragedy of the commons(if I were serious, I would put a patronizing link to the wikipedia article I had read just moments before in this spot) we must divide up the world's computer using idiots and make individual blocks of them the property of particular phishers, thus aligning incentives and ensuring optimal exploitation of the Lusers. I call all AOL usernames that start with "a"!

Re:Having taken Econ 101...

Crap, you get administrator@aol.com... thats the biggest idiot with the most money...

Hmmmm

Stats compiled by a company running Excell and built Windows vs. the idiots of Gartner. To be honest, I am going to guess they are both way off.

Phishing is like Amway and other MLM's

[sydbarrett74]

The only ones who made any real money were the ones who bought in early; the vast majority of Amway reps break even at best.

Re:Phishing is like Amway and other MLM's

[digitalchinky]

I don't think the two revenue streams are similar, one is more or less a legitimized pyramid scheme (Amway) while the other is outright theft through deception. Worst case with Amway, you end up with a house full of hand soap that'll last you the next 30 years, not so good if your bank account gets cleaned out and all your cards maxed up though.

Re:Phishing is like Amway and other MLM's

[fuzzyfuzzyfungus]

That was my first thought when I hit the section on phishers making money by selling resources to optimistic noob phishers. Most of the money in something like Amway isn't actually in moving product, it is in so called "Business Support Materials", motivational tapes, seminars, and the like.

Re:Phishing is like Amway and other MLM's

[troll8901]

... you end up with a house full of hand soap that'll last you the next 30 years ...

Only true for IT geeks who spent most of their time in their parents' basements.

Slashdot readers, on the other hand, spend most of their time in their girlfriends' beds.

Phishable dollars as a fixed resource?

I don't think so.

I would expect that dollars phished would rather rapidly find their way back into phishable accounts. Every time a phisher uses phished money to buy something, say, a TV, that money eventually reaches common workers who put the money back into phishable accounts. The only way the pool of phishable money is decreased is when a phisher holds onto the money indefinitely.

It's the same philosophy as the money-multiplier effect in banking institutions.

yesterdays news...

http://www.theonion.com/content/video/obama_promises_to_stop_americas

Similarities to drug dealers

I work in Criminology and know that studies that focus on drug dealers show that they make far less than what most people imagine. Instead, many are in it because they need to add to their existing, legitimate, source of income or because they are attracted to the lifestyle. Its very possible that many phishers are tolerant of the low income simply because they enjoy living the lifestyle. Anyone interested in looking into the other possible links might want to read this.

Fleace and release

[EmbeddedJanitor]

Make everyone happy.

This has been pontificated about before...

[PCM2]

I mean for one thing, a lot of crime really doesn't pay well. Sometimes even less than a minimum wage job.

Steven D. Levitt addresses this in his book, Freakonomics. Chapter 3 is titled Why Do Drug Dealers Still Live with Their Moms?

Mhm

[alexborges]

Wait... now how in the hell is it possible for an enterprise to survive if it doesn't earn its actors any kind of profit?

This reminds me of the Freakonomics book's chapter on crack dealing. It states that most crack dealers would actually be making more money doing something else, but they still do it because (if i remember correctly) its what their neighborhood does.

Now how does that map to electronic thievery, i have no idea.

wrong

They make some assumptions that simply aren't true. They seem to imply that there is no barrier to entry. That there is neither a technical barrier nor a moral one and that there will simply be as many phishers as there can be until the money drops below minimum wage.

On the analogy of drugs that some have suggested there are two completely different kinds of drug dealers; those that get high off their own supply and those that don't. Those that don't tend to make pretty good money. I've known more than one who put themselves through school dealing drugs.

Or they just value it higher

[Chmcginn]

Hehe.. why do you think women get paid more to be strippers than to be waitresses? There already is a market for lost self-respect. People choose not to participate in it.

Every person places a different value on the same thing. If the difference in pay in X dollars per week, and girl A values her self-respect at X + 100 dollars, it would be irrational for her to strip instead of waiting tables (assuming other values are the same). If girl B values it at X - 200 dollars a week, it wouldn't make sense for her not to strip.

Just because you would make a choice differently doesn't mean they're not participating in the choice.

Re:Or they just value it higher

To further this argument, one must also consider that not everyone will consider stripping one does because of lack of self-respect. Some even find it empowering.

The economically rational individual will strip for a living if the value they get from stripping is greater than the value it costs them. Each individual's definition of value is unique.

Re:Or they just value it higher

[Chmcginn]

The economically rational individual will strip for a living if the value they get from stripping is greater than the value it costs them. Each individual's definition of value is unique.

Sort of what I was trying to say, just better put. The point being, the GP is apparently trying to argue that economic decisions should be strictly about money, which is not what the free market is (entirely) about.

Re:Or they just value it higher

A dedicated devil's advocate might argue that one's sense of value can be explained by the monetary implications of various decisions. In the case of stripping versus waitressing, stripping offers increased wages in the short term, but also counts as a (perceived) "black mark" should the person in question aspire to something more than waitressing in the future. Additionally, stripping can be seen as a dangerous profession, with a moderate risk of quickly losing one's wage-earning potential in a variety of ways. Both of these might be considered cases of imperfect market information (many hirers simply wouldn't care about the stripping job, and stripping becomes much less dangerous if the stripper eschews drug use and actual prostitution), but it doesn't mean that it wouldn't be possible to rationalize the choices using earning potentials as a defining principle.

Re:Or they just value it higher

[QuantumG]

The point being, the GP is apparently trying to argue that economic decisions should be strictly about money, which is not what the free market is (entirely) about.

That's exactly the opposite of what I was arguing.

Slashdot is full of dickheads like you who can't even follow a simple argument.

Let be break it down into baby step for you because obviously you're incapable of thinking for yourself:

1. The theory of "economic rational" is that whenever an agent is presented the option to make more money than to make less money, they should choose to make more money. Even if there is other mitigating circumstances, they should make this decision, as the price as determined by the market will have taken these circumstances into account, and if it hasn't then they should haggle for a higher price. [NOTE: THIS IS NOT MY ARGUMENT]
2. To prove a theory is difficult, if not completely impossible in the social sciences.
3. To disprove a theory is easy, all you need to do is find a single example for which the theory does not account.
4. Some people are not happy with single examples, claiming that the theory need not be "perfect", so you often have to find more than one example. For some people it takes a lot of examples before they'll even think about a strongly believed theory.
5. I presented a few examples where people make decisions against their better interests as determined by economic rational theory. I alluded to others.
6. I tried to pick examples that people could relate to.
7. I tried to head off at the pass arguments that my examples were invalid because of differences of opinion. I, personally, find taking shit from customers to be demeaning, some other people do not. I, personally, find taking one's clothes off for money demeaning, some other people do not. I tried to make the argument that it is easy for you to imagine a situation that you would agree with that captures the basic essence of these decisions I described.
8. Another poster suggested that I was creating a straw man that was easy to knock down. Notably, that when you have a choice between two activities result in $X and $Y expected return and $X > $Y that you should always choose $X or you are not being economically rational. This person at least understood my argument (I think, but this Slashdot) so he's one up on you, but in any case, he's wrong, because that's what economically rational decision making is, by definition.
9. You retards managed to find the keyboard and slap out a reply that is retarded and emotional.

Re:Or they just value it higher

[digitalunity]

Stripping as a career is not economically rational.

As a person with several strippers for friends, let me enlighten you on market forces in this industry.

Stripper income can be strongly affected by people's perception of the health of the local economy. This effect has a negative correlation with population, meaning that clubs in small towns are even more sensitive to economic change. Belt-tightening can happen in strip clubs the same as anywhere else.

Last but not least, strippers age. As they get older, the physical requirements of the job become too difficult, particularly pole/cage dancing. As you age, you become less desirable and working in premier clubs becomes impossible. The end result for many strippers is they move from seedy to seedier clubs, turn to hooking or simply get a day job. The years spent stripping doesn't help them get a good job either, since the ability to spin around a pole at 1 RPM doesn't help them operate a computer or balance a register.

Working as a stripper for a long term career is a fiscally irrational decision, given that the income is neither stable nor will last for the duration of the time you need money. However, stripping your way through college is a rational decision and I support college-going women's decision to be strippers.

Re:Or they just value it higher

[yakovlev]

Economically rational doesn't mean what you claim it means, and the grandparent and great-grandparent poster were actually correct in arguing that the decision whether to strip or waitress IS a good example of economic rationality. While they tended to use the less technical term "value" instead of "utility" they are correct in their analysis that economically rational decisions involve more than just decisions about monetary gain.

"In economics, rational behavior in economics means that individuals maximize some objective function (e.g., their utility function) under the constraints they face." reference

In this case, the other posters are arguing that including a concept of "self-respect" in the utility function can make the decision to waitress an economically rational one. The argument is that if the increased utility (in the form of self-respect) from waitressing is greater than the increased utility (in the form of income) from stripping, then waitressing is the economically rational choice. If not, then stripping is the economically rational choice.

While you are correct that there are many examples of economically irrational choices, this is actually a textbook example of an economically rational choice. Knowing how economics professors tend to be a zany bunch, I could definitely see this one used in an economics class to explain the concept of utility.

Re:Or they just value it higher

[Blkdeath]

Every person places a different value on the same thing. If the difference in pay in X dollars per week, and girl A values her self-respect at X + 100 dollars, it would be irrational for her to strip instead of waiting tables (assuming other values are the same). If girl B values it at X - 200 dollars a week, it wouldn't make sense for her not to strip.

Just because you would make a choice differently doesn't mean they're not participating in the choice.

Why are you making the assumption that strippers don't have self-respect? Strippers tend to be very confident, powerful women more in control of their situations and bodies than most professional women out there. Where do you think the cliche of "stripping her way through law school" came from? Many professional women have stripped in order to support themselves through professional development.

To quote an old friend of mine who stripped for many years; "Stripping isn't degrading to women, it's degrading to men."

Think about it; it only makes sense. Next time you're at a strip club, take a look at the behaviour of the audience and the behaviour of the girls. If you can, focus on their eyes, faces and body language.

Re:Or they just value it higher

[Chmcginn]

Why are you making the assumption that strippers don't have self-respect? Strippers tend to be very confident, powerful women more in control of their situations and bodies than most professional women out there.

I spent a better part of a year working at a bar very close to the 'nice' strip club in town. A fair number of the girls who worked at that club came into that bar on a fairly regular basis after work. While a lot of them had the confident-woman imagine, all the ones I got to know on a personal level had some definite issues with the job, their outlook on men, and most had developed some kind of substance abuse problem.

Now, I'll admit, part of it is probably selection bias - if there was ones who never drank, they'd likely avoid going to a bar after work with the rest of their co-workers. But at least about half of them were out at some bar almost every night (well, really, morning) after work, and most of those had some definite issues with the job, even if they did love the pay.

Re:Or they just value it higher

> Working as a stripper for a long
> term career is a fiscally irrational decision,

The entire American economy -- with its short-term obsession on quarterly profits -- is equally "irrational," and one day soon Wall Street is just going to... oops! Too late!

big fleas feeding on little fleas

[Presto+Vivace]

I always thought that spammers were all scamming each other more than the rest of us. It must be a very sad world.

Irrational expepctation

[fermion]

It is this way any time someone waves huge amounts of money at a job people think anyone can do. It is likely that some spammers make huge amounts of money, so why not me?

For instance, some football players make a lot of money, so families, schools, colleges spend huge amounts of money to get people a position where they can make this money. In fact, even if one only considers colleges that are regularly recruited, the expectation value of income for these players are minimum wage. Of course, they can make money if they have others degress or skills, but the expectation if the rely on the game is very small.

As mentioned, many people prefer a small income with criminal activity rather than an honest, if perhaps uncomfortable job. People also prefer jobs they think they can have fun with to jobs where they actually have to put a honest days work.

We see this with the Madoff case, where it is better to be rich and work at a dishonorable profession than honorable and not so well off. Why would Madoff, or his criminal kids, be more respected than a person who is on time and does a good job at McDonalds?

Re:Irrational expepctation

[Creepy+Crawler]

The reason is that rich people are seen as doing something "Right", regardless how wrong or immoral or illegal it is.

Poor people are seen as stupid, "Wrong", and somehow a messed up life, no matter how simple and honourable they may truly be.

Re:Irrational expepctation

Mod parent up! It's actually hard to put a finger on it; however this feeling of "I'm doing it wrong" when confronted with a well-to-do con-man is quite hard to shake off.

Re:Irrational expepctation

[tehcyder]

The reason is that rich people are seen as doing something "Right", regardless how wrong or immoral or illegal it is.

Maybe where you live, not where I do. A rich fuckwit is still a fuckwit.

Opportunities Elsewhere

[dmomo]

This is speculation, but my (big fat) gut tells me that while this might be true in general, there's probably at least one person at the top of a major phishing scheme making decent money.

Sure, the peons (as in any industry) who do the actual labor get paid crud, my guess is that Upper Management does just fine. Sure, unskilled labor gets the market rate for such.

well yeah

[JeanBaptiste]

and I'd have to imagine that wow gold farming is less-than-US minimum wage as well. along with all kinds of other jobs both legal and illegal. While it may be less than US minimum wage, it might be a pretty good deal in the country of origin.

nigeria

[www.sorehands.com]

Minimum wage her is lots for the phishing schools in Nigeria.

This doesn't make sense

Why on earth would anyone ever want to work at a job that pays equal too or less than McDonalds, but with the added benefit of having less prestige?

Not to mention that you'll get pity from a McDonalds gig instead of a severe beating if you for some reason have too divulge what you work with.

yes phishing no high pay

[goffster]

whatever do you, not phish. low pay. do not phish.
illegal. Be doctors, lawyers and such.

Gartner...

[iconick]

Well everyone knows that IDS is dead!

Re:FP?

[bsDaemon]

I ran host on that IP, and it belongs to zeldauniverse.net -- so, its probably more fun than you meant it to be.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:FP?

[Profane+MuthaFucka]

Lansing Michigan? God I couldn't get out of that town fast enough. Took me 10 years. I blame I-69 and I-96. Who can fucking figure that out? It's so confusing.

This just in....

[SohCahToa]

a study put out by micro$oft says that a crime that mostly targets micro$oft software shows that, contrary to popular belief, that its not profitable. that is a SHOCK. wow, if i was a phishing publisher i would take micro$oft's advice and just shut down, because hey...they say it isnt profitable. Now i wonder if you apply the micro$oft saying of "As a consequence, increasing effort is a sign of failure rather than of success." quote to...oh...lets say....windows vista. interesting....is there a pot calling a kettle black

The slammer.

[john.picard]

I always say if these people are so damn skilled that they can figure out ingenious ways to illegally gain illegal gains, then why don't they put those incredible skills into something legitimate and make billions? Instead they do illegal things and take the risk of ending up inside the slammer. Some people are just so shortsighted.

Re:FP?

[Fluffeh]

I ran host on that IP, and it belongs to zeldauniverse.net -- so, its probably more fun than you meant it to be.

Only on slashdot would you get people who run random IPs listed in threads just to see where they point to, and then make a funny comment about where it leads them to. I loves it.

Re:FP?

[mcrbids]

You fail at phishing. That IP address doesn't even look at all like /.!

Re:FP?

[SleepyHappyDoc]

Increasing effort is a sign of failure, according to the summary.

Typical Microsoft Math.

They are assuming the time spent on phishing grows. However a good phisher can setup a method which requires very little human interaction. Thus getting money for free. If you do things right in the first place you don't have to spend the time later.

Re:FP?

I-96'd yours.

You're missing the point...

Sure the rate of return might be low and you consider it 'not worth it' when compared to a minimum wage job... But the criminal activity has some things going for it.

No costs. Usually.
No asshole boss.
Can work whatever hours you want. And do as much as you want.

Hell. right there. no asshole boss. thats worth alot.

cap:pardoned

Re:FP?

[Canazza]

actually, that happens alot on b3ta.com, but mainly to 213.52.224.79

Re:FP?

[Big+Hairy+Ian]

Fortunately you don't see nearly as many Goatse, MeatSpin or Twinks links as you used to

Demeaning?

[Shivetya]

Sorry the only reason such a job is demeaning to many people is because they have an exaggerated estimate of their own worth.

Look, when push comes to shove, when your children need to be fed, there is no job demeaning in THEIR eyes.

To be up front, I have more respect for the men and women at McDonalds than I have for the majority of government employees, especially elected officials. The fact that some people see those jobs as demeaning only shows that society has its values screwed up.

Work is better than no work, and illegal anything is never work. Its just an excuse to cover a fragile ego. That same ego is probably the whole reason they cannot do better. You cannot improve until your willing to accept where you are.

Re:Demeaning?

[GreatBunzinni]

You live in a fairy tale world. You fail to understand that we, humans, are social beings. We form social groups that have structure and organize individuals in social hierarchies. The members of those groups always wish to "move up" in those hierarchies because being on the bottom sucks.

The fast food business is seen as the most demeaning work in today's society because you are placed in the very bottom of your society's hierarchy. You earn minimum wage, you are forced to take orders from everyone that crosses your path, you are forced to wear demeaning uniforms and, to make matters worse, you have virtually zero prospects of being promoted. You are the sad sack of human flesh that was desperate enough to apply to the job that the entire society views as the lowest common denominator. Heck, it's so demeaning that that kind of job has a demeaning nickname and the companies behind that spend their money fighting the negative connotation that the nickname gives them.

But you can pretend that the entire world is something other than reality just to fit your pristine, idealized view all you want. Nonetheless, that won't make it real, will it?

Re:Demeaning?

[steveness]

Demeaning to you is different than to the GP. Make a list of jobs you could perform with no significant education, experience or skills. Most of them would meet your definition of demeaning. The GP argues that any honest work carries a certain level of respect in his eyes.

And really, you think fast food is the bottom? Have you ever seen Dirty Jobs? Maybe spend some time with migrant laborers? How about hotel maid? Prostitute? I could go on.

My daughter is looking forward to turning 16 so she can get a job in fast food - she sees it as an opportunity to make money, and believes that relative to other fast food workers she will excel and be promoted. In fact, McDonalds is rightfully proud of the number of franchise owners that started out as line workers. Any job that has a boss has an opportunity for promotion.

Just because you see the world from an elite tower of opportunity doesn't mean everyone else does. Come on down, and see life from the ground up - it really makes you appreciate what you have.

Get over your Amway tears.

[rohan972]

The only ones who made any real money were the ones who bought in early; the vast majority of Amway reps break even at best.

The vast majority of any commission only sales reps break even at best. What is it, about 9/10 businesses fail in the first 5 years? Here's the reality, most people are conditioned to employment and have lousy sales ability. A business that relies completely on individual sales success where you go out and "learn the trade" without anyone organising the work for you and paying you a wage just isn't going to work for most people. That's not necessarily a fault in the business model.

Re:FP?

[spartacus_prime]

What's wrong with Lansing, I've lived there for about 3 or 4 months and have found nothing terribly wrong with it.

What a sad world

[SpitfireSMS]

Where fishers make more then phishers.
Wasnt technology supposed to be the future?

Re:You Insensitive Clod!

[jenn_13]

...and some of us are programmers :)

Give them a bailout

[hodet]

Poor phishers

Re:FP?

[Profane+MuthaFucka]

I'll tell you what's wrong. The Sparty statue has no anus.

Re:You Insensitive Clod!

[alexborges]

And some of them are really good! :)

Its just that we are discussing this particular angle, not that any of us (certaintly not me: my mother has a masters degree in Political Science!), think that women are either strippers or waitresses.

Having said this, cut the average slashdotter some slack: for most of us, the only women we will ever fantasize about are waitresses and strippers.

Re:You Insensitive Clod!

[djdavetrouble]

Well I got modded down for my sarcastic comment, But really it was to point out
what a terrible example it was. Whooshes for all of you mods.

Lottery.

[alpha713]

So your saying rather than hoping to get bill gates credit card number I should just buy a lottery ticket?

Re:Lottery.

[Blkdeath]

So your saying rather than hoping to get bill gates credit card number I should just buy a lottery ticket?

Nope.

Why would anyone believe Microsoft?

[arnierosner]

Isn't it curios that Microsoft publishes the results of a study and it appears almost everyone accepts the results? Now how would Microsoft gain this insight unless somehow they were behind this activity?

That's not right

[Chmcginn]

The theory of "economic rational" is that whenever an agent is presented the option to make more money than to make less money, they should choose to make more money. Even if there is other mitigating circumstances, they should make this decision, as the price as determined by the market will have taken these circumstances into account, and if it hasn't then they should haggle for a higher price.

Regardless of which side of the arguement you're on, this isn't what the theory of economic rationality states. Unless one is making a strawman out of the arguement, it's not just about money.

Notably, that when you have a choice between two activities result in $X and $Y expected return and $X > $Y that you should always choose $X or you are not being economically rational.

Again, you're entirely focused on money, which isn't what rationality theory is about. It's about overall value for a transaction. Even if that's expressed in a dollar value, that's not just about the number of bills that change hands.

Re:You Insensitive Clod!

[alexborges]

Worry not: slashdot internal moderators SUCK BEYOND BELEIF

Re:FP?

Fortunately you don't see nearly as many Goatse, MeatSpin or Twinks links as you used to

citation needed

you know what they say about statistics..,

I'm surprised by how many slashdotters are taking this report as gospel. I completely agree with the propaganda... This is a great headline soundbite to lodge in the collective media conscience, but frankly, I think it's BS