Slashdot Mirror
Phishing Is a Minimum-Wage Job
rohitm918 writes "A study by Microsoft Research concludes that phishers make very little (PDF): '...low-skill jobs pay like low-skill jobs, whether the activity is legal or not.' They also find that the Gartner numbers that everyone quotes ($3.2B/year etc) are rubbish, off by a factor of 50. 'Even though it harvests "free money," phishing generates total revenue equal to the total costs incurred by the actors. Each participant earns, on average, only as much as he would have made in the opportunities he gave up elsewhere. As the total phishing effort increases the total phishing revenue declines: the harder individual phishers try the worse their collective situation gets. As a consequence, increasing effort is a sign of failure rather than of success.'"
I always wondered what the remaining 5% of computer science majors did, who didn't end up working minimum wage jobs at McBurger Queen...
Everyone knows that if you overphish a stream, there's no phish left for everyone else. Its a classic case of resource depletion!
I mean for one thing, a lot of crime really doesn't pay well. Sometimes even less than a minimum wage job. I remember a few years ago there was a problem of newspaper machines getting broken in to and the change stolen. They finally caught the guy and estimated he'd been making well less than minimum wage. It wasn't a trivial job to get in them and it isn't as though a ton of papers are sold from those. While there certainly are criminals who make bank (like drug lords) often you'll find that really criminals would do just as well to get honest work.
Another thing is that you are talking about something where your success rate is very low, and even when you do have a success in terms of getting info, you don't necessarily get anything with it. Just because you steal someone's account and try to use it, doesn't mean it works. For example I had my credit card stolen. Wasn't a phishing scam, just someone that had got a hold of the number, but either way they had it. As soon as they tried to order something, I noticed. I had the card disabled, the merchant stopped shipment on the goods, and so on. The thief didn't get squat. So even though they were successful in getting my card, they weren't successful in getting anything with it.
So all in all ti doesn't surprise me that phishing is a low paying job. You aren't going to get many bites, some of the ones you DO get will be fake (I love filling out phishing forms with fake data), and even when you do get legit info, you might not get to use it.
Yes, you have the first post, but edit your hosts file to point slashdot.org to 69.16.232.239, then log in with your username and password and comment for yet another first post! I promise it'll be worth your while, just like your twitter is!
And in case your browser does not stop you, do NOT actually log in to the access-login page above, unless you drool and make funny noises. And the IP used for the hosts file joke was random and does not VHost-phish slashdot.org. Disclaimers suck, don't they?
You have the choice:
1. earn minimum wage at McDonalds
2. earn less than minimum wage selling drugs
Which do you choose? Selling drugs of course. Why? Cause you've got respect for yourself and refuse to work a demeaning job.
Before you object, whether or not you agree that working at McDonalds is demeaning is irrelevant. Many, many, many women have been given the choice:
1. work as a stripper
2. work as a waitress
and decided that working as a waitress is less demeaning than working as a stripper. You may disagree with that, also but that's also irrelevant. The facts are that you can make a lot more money working as a stripper than as a waitress, and yet so many people choose not to.
The economically rational human is a myth.
How we know is more important than what we know.
I'm own the anti-phishing rules at a well-known email security company, and while I agree with the principle that over-phishing is causing problems, as it does with fishing (although as with phishing, the best phishers are catching a lot more phish than the worst pishers), I don't think very many people are doing much more to protect their information. What does seem to happen, though, is that - just as with fish that see lures dragged in front of them all day long - people are coming to think everything is a fraud (I see legit bank emails reported as phishing all the time). Some of them, anyway. I also see a lot of correspondence threads in which people have already handed over money to 419ers or are preparing to do so.
And of course, phishers are also diversifying somewhat. Earlier this year, account credential phishing became popular. The goal: not immediate financial reward via account plunder, but to get access to a legit login on a host with a good email reputation for the purpose of either using it to send fraudulent email, or using it to send regular spam for hire.
Financial losses continue to be high, and I'm not convinced that the 3.2 billion figure is off by a factor of 50, even if it might be on the high side. But earnings by the theoretical average phisher? Yeah, they've got to be off. There are so many phishers these days, so many people are deluged by phishing attempts, and at least for those who have a good spam filter, a figure north of 99% of those phishing attempts don't make it to the inbox anyway.
The ones that get me are the people who release blatant phishing from quarantine. I'd love to know how many of them later respond and get phished. I suspect that number is rather high.
And then there are the money mule scams. People fall for those all the time. The phish aren't getting that much smarter, as far as I can tell.
If you read the article (which no-one ever does, but just in case you get modded insightful by a mod who didn't either), you'll see that minimum wage is a relative term.
The pool of phishing money is (more or less) static, so when more people start phishing (which happens as it becomes easier), the available money per phisher goes down until its not worth it. If this is less then the minimum wage, then people wouldn't do it, if its more, then more people do it. Hence it stabilizes around that mark. This is also one of the reasons why there are more phishers in poorer nations.
Fail. Your log-in is timestamped. It must both be the current token value AND not be during the same token window as the previous log-in. In other words, each token becomes invalid when the next is ready; and each can only be used once.
Support my political activism on Patreon.
Actually, A friend of mine was a marketing intern and turned to "slangin" as he called it. He made quite a bit of cash off the "nickle and dimers" by doing a little market analysis and identifying the non-public congregation points thereby raising his return on time and lowering his risk of being caught since most everyone there knew and could vouch for everyone else, then selling to them exclusively. He became known for delivering the desired goods in a far more timely fashion than could be acquired elsewhere and made those congregation points far more popular in the process. It was interesting to watch this occur. I observed for more than a year and rather enjoyed the constant female attention his customers lavished, you can probably see how that would work, the more you hang out with the supplier, the more deals you get.... In real life, he made a little over minimum wage, and oddly was my boss, then my employee.
Sigh, college life, how we miss you...
How amazed would you be to suddenly find that you just forgot what I wrote and you needed to reread my post.... again.
I mean for one thing, a lot of crime really doesn't pay well. Sometimes even less than a minimum wage job.
Steven D. Levitt addresses this in his book, Freakonomics. Chapter 3 is titled Why Do Drug Dealers Still Live with Their Moms?
Breakfast served all day!
Stripping as a career is not economically rational.
As a person with several strippers for friends, let me enlighten you on market forces in this industry.
Stripper income can be strongly affected by people's perception of the health of the local economy. This effect has a negative correlation with population, meaning that clubs in small towns are even more sensitive to economic change. Belt-tightening can happen in strip clubs the same as anywhere else.
Last but not least, strippers age. As they get older, the physical requirements of the job become too difficult, particularly pole/cage dancing. As you age, you become less desirable and working in premier clubs becomes impossible. The end result for many strippers is they move from seedy to seedier clubs, turn to hooking or simply get a day job. The years spent stripping doesn't help them get a good job either, since the ability to spin around a pole at 1 RPM doesn't help them operate a computer or balance a register.
Working as a stripper for a long term career is a fiscally irrational decision, given that the income is neither stable nor will last for the duration of the time you need money. However, stripping your way through college is a rational decision and I support college-going women's decision to be strippers.
You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.