Slashdot Mirror
420,000 Scam E-mails Sent Every Hour In UK Alone
An anonymous reader writes "More than 420,000 scam e-mails are sent every hour in the UK, according to a report by CPP, which estimates that Brits were targeted by 3.7 billion phishing e-mails in the last 12 months alone. A quarter of us admit to falling victim to e-fraudsters, with the average victim losing over GBP285. Fake banking e-mails are the most common method used by criminals, with 55% of those targeted receiving seemingly legitimate e-correspondence from high street banks."
A quarter of us admit to falling victim to e-fraudsters ...
Okay so the population of the UK is what? Sixty million? So a quarter of that would be fifteen million. Fifteen million victims.
... with the average victim losing over GBP285.
Okay the details in the article are scant but I assume they are talking about the mean and not the median. If that's true then 285*(1.5*10^7) = over four billion quid? And that's about six billion USD.
My gut reaction is to question this survey or whatever means they used to collect the above information. I can't find anything but this news article on their site, anybody have a link to the original report so we can inspect their methods?
My work here is dung.
Instead of waiting for the general public to catch on, which simply is not going to happen, a better question would be how long is it going to be before ISPs and providers update email protocols so that fake emails are simply not possible (or at least make it a lot harder than it is now)?
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
I think it's sensible to make a separation between phishing and other spam. If you click on an email advertising V14GR4, I'm quite happy to stamp 'Moron' across your forehead and be done with it. I wouldn't be nearly so hard on someone who gets a message which is identical to previous correspondence from their bank, but contains a link to l|oydstsb.com rather than lloydstsb.com, for example.
Of course, even the best phishing email is useless against a well educated user, and I think the 25% figure sounds very high, but I can somewhat sympathise with those who fall for a well-crafted phishing scam in a way that I can't for those who end up on the wrong end of a semi-literate 419 email.
The fact that sites like PayPal sometimes do send out real messages with all the hallmarks of a scam also serves to confuse issues. I seem to recall that this site is, in fact, legit.
"420,000 scam e-mails are sent every hour in the UK"....?
Surely it means that these emails are received? They are not all generated in the UK.
Well, not the ones I get, which clearly use poor English or American spellings. (Note that I distinguish between the two.)
Elderly people. They have this attitude that because the offer showed up on their machine, it must be legit. Older folks are a bit more trusting - generally speaking. Of course, that's a generalization. My Dad is one hell of a cynic and when he die and if there's a Heaven, St. Peter is going to get a lot of shit. "How do I know this is really Heaven? Put it in writing!"
Uneducated people. These are also the people who buy shit from infomercials that will "cleanse their colon" and attend hotel ball room "lectures" on how to make hundreds of thousands of dollars trading stocks - all you have to do is pay $1200 for their "special" trading program. Of course, there are some really street smart uneducated people who get one over on MBAs - so I'm speaking about my experiences, only.
RIP America
July 4, 1776 - September 11, 2001
Obviously, there is a small industry behind scam emails: people that harvest emails, ones that come up with "scam campaigns" (fake pay-pal or citibank solicitations), developers, IT to maintain servers, etc. It's hard to imagine that 420K scam emails an hour in UK alone are sent by a few amateurs.
Uneducated people. These are also the people who buy shit from infomercials that will "cleanse their colon" and attend hotel ball room "lectures" on how to make hundreds of thousands of dollars trading stocks - all you have to do is pay $1200 for their "special" trading program. Of course, there are some really street smart uneducated people who get one over on MBAs - so I'm speaking about my experiences, only.
I think the "street smart" is more important than educated. I worked with a really intelligent guy, a brilliant systems programmer who signed up for timeshare he couldn't afford in a place he didn't want to go to because the agent convinced him that he could make a fortune in subletting the share.
This is precisely why I've gone back to smoke signals!
I just traded a deer carcase for the promise of a new bow and a lifetime supply of arrows you insensitive clod.
The fact that sites like PayPal sometimes do send out real messages with all the hallmarks of a scam also serves to confuse issues. I seem to recall that this [paypal-marketing.co.uk] site is, in fact, legit.
The holy grail of business is to turn costs into profits. Whilst spam, phishing, owned accounts, etc. look like costs to Paypal, they will very much be looking to change those to profits if possible.
I don't use paypal, as it has always reeked as far as I am concerned, but as I understand it they will freeze accounts at the drop of a hat, for various reasons. If they have just 1% of accounts frozen at any one time, that will be a decent chunk of cash, and they can earn interest on it, and all the other shit capitalists can do when they have capital.
So is it in PP's interests to freeze accounts? If so, they need excuses, and security is always a good-un. They might not purposefully confuse users, they just give the ones willing to take the wrong end of the stick, the wrong end of the stick. PP sending out emails that look like scam emails is just them offering "the wrong end of the stick".
To geeks, it should be pretty straight forward - always, always, always, use the paypal.com domain for anything PP related. Never have other domain names. The drive for profit comes along though, and PP want to totally fill search results for escrow (or whatever) to drown out the competition. Or more importantly, those dirty commies looking to be critical of paypal, or their industry.
Car analogies break down.
The best spam stopping tool is still an alert, critical mind!
And that's precisely why so many people end up being scammed.
I posted an advert on Craigslist, then someone replied stating that they'd give me £410 for a £230 object if I were to send it to Africa. They faked an email from paypal, saying they'd payed, hoping I'd send it away. But fortunately I'm not stupid enough to think that emails are always real. I went to Paypal by typing the domain in, and sure enough, it was blank, and it was a fake. I emailed the person back disappointed that they'd try to scam me. The person's email (for all to block) was sndrcollins9 at gmail dott com .
Stop phishing scams! Don't be gullible.
how long until the general public has caught on to the point where Spam is no longer profitable
You're assuming the scammers and the emailers are one and the same.
Much more likely you have the scammers fronting some money to the emailers. As long as theres one scammer out there with a hairbrained business plan, the emailers will be hired and put to work.
Don't know if the UK situation is similar to the US situation, but in the US its almost a stereotype that some percentage of people whom take out home equity lines of credit set up a retail store, despite the complete lack of experience, selling stuff like "pirate products", "decorative candles", cupcakes, small restaurants, etc. Then six months later when the seed cash is gone they fold and file personal bankruptcy.
Interestingly, the local cops thought it so unusual that the local candle store was still open for business after about three years, that they investigated it, and it seems the candle store was selling weed on the side, Busted!
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Why? Because I have a card reader that provides an encrypted string after I provide it with my chipped card, PIN and a string from the website. I need to do this for every new transaction. I still believe that only the greedy get scammed.
Unfortunately you might need to re-sync it to gain the full security benefits.
Seriously there is one thing that is terribly wrong with these card readers. They are a gift to muggers. They can be used to verify the pin for a credit or debit card - even ones from other issuers. They don't even have to risk marching you to a cashpoint and forcing you to withdraw money, they can do it all from the comfort of their own crack-house. I complained to the bank and they pointed out that a card would be locked out after three wrong attempts. After two broken fingers I think most people would think twice before using this feature.
The best spam stopping tool is still an alert, critical mind!
I'm not sure what you mean.
Not spam, phishing.
I used to receive barely literate mail shots, with my bank's domain in the "From:" field. Tracking back the IP revealed that the sender was a 3rd party with a domain registered to a caravan (trailer) park.
When I reported this to my bank as either a phishing attempt, or breathtakingly bad practice on their part, I got a snotty reply saying that this was a genuine mailshot via a 3rd party, and that this (by which they implicitly meant "faking headers") was standard practice. They genuinely could not understand why I had a problem with them sending out exactly the sort of faked email that they were regularly warning me about.
Needless to say, I changed banks shorty afterwards, but the lesson is that the line between legit and fraudulent is thin and wiggly.
If you were blocking sigs, you wouldn't have to read this.
> People who I've witnessed who got suckered:
Young people. They have this attitude that they can safely put all sorts of private and embarrassing stuff up on FaceSpace because they are "streetsmart" and know how to twiddle the privacy settings so that only their "friends" can see it.
Educated people. These are also the people who paid $40,000 for a car with an electric transmission because it was "green" and Japanese rather than a $10,000 Chevy that got better mileage. They also got sucked into the "fair trade" scam.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.