Slashdot Mirror
Phishing Is a Minimum-Wage Job
rohitm918 writes "A study by Microsoft Research concludes that phishers make very little (PDF): '...low-skill jobs pay like low-skill jobs, whether the activity is legal or not.' They also find that the Gartner numbers that everyone quotes ($3.2B/year etc) are rubbish, off by a factor of 50. 'Even though it harvests "free money," phishing generates total revenue equal to the total costs incurred by the actors. Each participant earns, on average, only as much as he would have made in the opportunities he gave up elsewhere. As the total phishing effort increases the total phishing revenue declines: the harder individual phishers try the worse their collective situation gets. As a consequence, increasing effort is a sign of failure rather than of success.'"
I always wondered what the remaining 5% of computer science majors did, who didn't end up working minimum wage jobs at McBurger Queen...
Minimum wage in the US perhaps but when the phishers live in a country with a higher exchange rate. They can be making considerably more than minimum wage in their own country. Infact I bet you could work and also do some phishing on the side (just like granddad use to do).
Everyone knows that if you overphish a stream, there's no phish left for everyone else. Its a classic case of resource depletion!
I mean for one thing, a lot of crime really doesn't pay well. Sometimes even less than a minimum wage job. I remember a few years ago there was a problem of newspaper machines getting broken in to and the change stolen. They finally caught the guy and estimated he'd been making well less than minimum wage. It wasn't a trivial job to get in them and it isn't as though a ton of papers are sold from those. While there certainly are criminals who make bank (like drug lords) often you'll find that really criminals would do just as well to get honest work.
Another thing is that you are talking about something where your success rate is very low, and even when you do have a success in terms of getting info, you don't necessarily get anything with it. Just because you steal someone's account and try to use it, doesn't mean it works. For example I had my credit card stolen. Wasn't a phishing scam, just someone that had got a hold of the number, but either way they had it. As soon as they tried to order something, I noticed. I had the card disabled, the merchant stopped shipment on the goods, and so on. The thief didn't get squat. So even though they were successful in getting my card, they weren't successful in getting anything with it.
So all in all ti doesn't surprise me that phishing is a low paying job. You aren't going to get many bites, some of the ones you DO get will be fake (I love filling out phishing forms with fake data), and even when you do get legit info, you might not get to use it.
...and neither does farming!
(slogan I saw on a baseball cap as a kid, maybe 25 years ago. One of my grandpa's buddies was wearing it.)
If you read their paper.
Also it is even worse, when you get down to it: People (contrary to evidence some times) have the capacity to learn. As phishing becomes a bigger problem, there's more news on it, more efforts to educate people about it and so on. So the pool of candidates shrinks. Likewise some companies start implementing technologies that make it hard/impossible to do (Paypal has a secure ID token you can get now for example).
So it isn't just a case of depleting the pool of dollars belonging to the people who can get phished, it is also a case of less people being available to be phished. While you'll certainly never educate everyone, I'd say awareness of phishing is much higher these days and many more people take care to protect their information.
Yes, you have the first post, but edit your hosts file to point slashdot.org to 69.16.232.239, then log in with your username and password and comment for yet another first post! I promise it'll be worth your while, just like your twitter is!
And in case your browser does not stop you, do NOT actually log in to the access-login page above, unless you drool and make funny noises. And the IP used for the hosts file joke was random and does not VHost-phish slashdot.org. Disclaimers suck, don't they?
You have the choice:
1. earn minimum wage at McDonalds
2. earn less than minimum wage selling drugs
Which do you choose? Selling drugs of course. Why? Cause you've got respect for yourself and refuse to work a demeaning job.
Before you object, whether or not you agree that working at McDonalds is demeaning is irrelevant. Many, many, many women have been given the choice:
1. work as a stripper
2. work as a waitress
and decided that working as a waitress is less demeaning than working as a stripper. You may disagree with that, also but that's also irrelevant. The facts are that you can make a lot more money working as a stripper than as a waitress, and yet so many people choose not to.
The economically rational human is a myth.
How we know is more important than what we know.
They'd do better with a real job.
And thus being a perfect master of all questions of human economic activity(except for currency related theory, which is why I'm just going to parrot gold-standard talking points until we get to that chapter next semester in Econ 102) I have a solution!
Clearly, since phishing shows the classic signs of being a tragedy of the commons(if I were serious, I would put a patronizing link to the wikipedia article I had read just moments before in this spot) we must divide up the world's computer using idiots and make individual blocks of them the property of particular phishers, thus aligning incentives and ensuring optimal exploitation of the Lusers. I call all AOL usernames that start with "a"!
The only ones who made any real money were the ones who bought in early; the vast majority of Amway reps break even at best.
'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman
I have the 419 examples you requested, but I need $3000 to get them through customs.
Actually, A friend of mine was a marketing intern and turned to "slangin" as he called it. He made quite a bit of cash off the "nickle and dimers" by doing a little market analysis and identifying the non-public congregation points thereby raising his return on time and lowering his risk of being caught since most everyone there knew and could vouch for everyone else, then selling to them exclusively. He became known for delivering the desired goods in a far more timely fashion than could be acquired elsewhere and made those congregation points far more popular in the process. It was interesting to watch this occur. I observed for more than a year and rather enjoyed the constant female attention his customers lavished, you can probably see how that would work, the more you hang out with the supplier, the more deals you get.... In real life, he made a little over minimum wage, and oddly was my boss, then my employee.
Sigh, college life, how we miss you...
How amazed would you be to suddenly find that you just forgot what I wrote and you needed to reread my post.... again.
I mean for one thing, a lot of crime really doesn't pay well. Sometimes even less than a minimum wage job.
Steven D. Levitt addresses this in his book, Freakonomics. Chapter 3 is titled Why Do Drug Dealers Still Live with Their Moms?
Breakfast served all day!
Every person places a different value on the same thing. If the difference in pay in X dollars per week, and girl A values her self-respect at X + 100 dollars, it would be irrational for her to strip instead of waiting tables (assuming other values are the same). If girl B values it at X - 200 dollars a week, it wouldn't make sense for her not to strip.
Just because you would make a choice differently doesn't mean they're not participating in the choice.
Have you been touched by his noodly appendage?
Please read Chapter 3 of Freakonomics or at least the synopsis on Wikipedia. Short answer dealers get to handle a lot of money in much the same way as bank tellers do. They don't get to keep all that much,
read my mind at http://the-willows.blogspot.com/
For instance, some football players make a lot of money, so families, schools, colleges spend huge amounts of money to get people a position where they can make this money. In fact, even if one only considers colleges that are regularly recruited, the expectation value of income for these players are minimum wage. Of course, they can make money if they have others degress or skills, but the expectation if the rely on the game is very small.
As mentioned, many people prefer a small income with criminal activity rather than an honest, if perhaps uncomfortable job. People also prefer jobs they think they can have fun with to jobs where they actually have to put a honest days work.
We see this with the Madoff case, where it is better to be rich and work at a dishonorable profession than honorable and not so well off. Why would Madoff, or his criminal kids, be more respected than a person who is on time and does a good job at McDonalds?
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
This is speculation, but my (big fat) gut tells me that while this might be true in general, there's probably at least one person at the top of a major phishing scheme making decent money.
Sure, the peons (as in any industry) who do the actual labor get paid crud, my guess is that Upper Management does just fine. Sure, unskilled labor gets the market rate for such.
Ummmmmmmm.....not quite. Depends on what you're selling and who you're selling it to. While Freakonomics covers crack dealers, crack isn't really all that lucrative. I personally know at least 5 different people -- none of whom know each other beyond acquaintance -- who at various times made a killing selling (primarily) marijuana. None of those people would have sold an ounce of crack, mostly for the reasons outlined in Freakonomics.
My blog
Comment removed based on user account deletion
Perhaps were raided by the BSA for using unlicensed copies of Acrobat Distiller.
Hey, a man can dream...
Blank until
Increasing effort is a sign of failure, according to the summary.
Stasis is death. Embrace change.
Poor phishers