Slashdot Mirror
420,000 Scam E-mails Sent Every Hour In UK Alone
An anonymous reader writes "More than 420,000 scam e-mails are sent every hour in the UK, according to a report by CPP, which estimates that Brits were targeted by 3.7 billion phishing e-mails in the last 12 months alone. A quarter of us admit to falling victim to e-fraudsters, with the average victim losing over GBP285. Fake banking e-mails are the most common method used by criminals, with 55% of those targeted receiving seemingly legitimate e-correspondence from high street banks."
A quarter of us admit to falling victim to e-fraudsters ...
Okay so the population of the UK is what? Sixty million? So a quarter of that would be fifteen million. Fifteen million victims.
... with the average victim losing over GBP285.
Okay the details in the article are scant but I assume they are talking about the mean and not the median. If that's true then 285*(1.5*10^7) = over four billion quid? And that's about six billion USD.
My gut reaction is to question this survey or whatever means they used to collect the above information. I can't find anything but this news article on their site, anybody have a link to the original report so we can inspect their methods?
My work here is dung.
Instead of waiting for the general public to catch on, which simply is not going to happen, a better question would be how long is it going to be before ISPs and providers update email protocols so that fake emails are simply not possible (or at least make it a lot harder than it is now)?
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
I think it's sensible to make a separation between phishing and other spam. If you click on an email advertising V14GR4, I'm quite happy to stamp 'Moron' across your forehead and be done with it. I wouldn't be nearly so hard on someone who gets a message which is identical to previous correspondence from their bank, but contains a link to l|oydstsb.com rather than lloydstsb.com, for example.
Of course, even the best phishing email is useless against a well educated user, and I think the 25% figure sounds very high, but I can somewhat sympathise with those who fall for a well-crafted phishing scam in a way that I can't for those who end up on the wrong end of a semi-literate 419 email.
The fact that sites like PayPal sometimes do send out real messages with all the hallmarks of a scam also serves to confuse issues. I seem to recall that this site is, in fact, legit.
"420,000 scam e-mails are sent every hour in the UK"....?
Surely it means that these emails are received? They are not all generated in the UK.
Well, not the ones I get, which clearly use poor English or American spellings. (Note that I distinguish between the two.)
Obviously, there is a small industry behind scam emails: people that harvest emails, ones that come up with "scam campaigns" (fake pay-pal or citibank solicitations), developers, IT to maintain servers, etc. It's hard to imagine that 420K scam emails an hour in UK alone are sent by a few amateurs.
Uneducated people. These are also the people who buy shit from infomercials that will "cleanse their colon" and attend hotel ball room "lectures" on how to make hundreds of thousands of dollars trading stocks - all you have to do is pay $1200 for their "special" trading program. Of course, there are some really street smart uneducated people who get one over on MBAs - so I'm speaking about my experiences, only.
I think the "street smart" is more important than educated. I worked with a really intelligent guy, a brilliant systems programmer who signed up for timeshare he couldn't afford in a place he didn't want to go to because the agent convinced him that he could make a fortune in subletting the share.
The fact that sites like PayPal sometimes do send out real messages with all the hallmarks of a scam also serves to confuse issues. I seem to recall that this [paypal-marketing.co.uk] site is, in fact, legit.
The holy grail of business is to turn costs into profits. Whilst spam, phishing, owned accounts, etc. look like costs to Paypal, they will very much be looking to change those to profits if possible.
I don't use paypal, as it has always reeked as far as I am concerned, but as I understand it they will freeze accounts at the drop of a hat, for various reasons. If they have just 1% of accounts frozen at any one time, that will be a decent chunk of cash, and they can earn interest on it, and all the other shit capitalists can do when they have capital.
So is it in PP's interests to freeze accounts? If so, they need excuses, and security is always a good-un. They might not purposefully confuse users, they just give the ones willing to take the wrong end of the stick, the wrong end of the stick. PP sending out emails that look like scam emails is just them offering "the wrong end of the stick".
To geeks, it should be pretty straight forward - always, always, always, use the paypal.com domain for anything PP related. Never have other domain names. The drive for profit comes along though, and PP want to totally fill search results for escrow (or whatever) to drown out the competition. Or more importantly, those dirty commies looking to be critical of paypal, or their industry.
Car analogies break down.
The best spam stopping tool is still an alert, critical mind!
And that's precisely why so many people end up being scammed.