Slashdot Mirror
420,000 Scam E-mails Sent Every Hour In UK Alone
An anonymous reader writes "More than 420,000 scam e-mails are sent every hour in the UK, according to a report by CPP, which estimates that Brits were targeted by 3.7 billion phishing e-mails in the last 12 months alone. A quarter of us admit to falling victim to e-fraudsters, with the average victim losing over GBP285. Fake banking e-mails are the most common method used by criminals, with 55% of those targeted receiving seemingly legitimate e-correspondence from high street banks."
A quarter of us admit to falling victim to e-fraudsters ...
Okay so the population of the UK is what? Sixty million? So a quarter of that would be fifteen million. Fifteen million victims.
... with the average victim losing over GBP285.
Okay the details in the article are scant but I assume they are talking about the mean and not the median. If that's true then 285*(1.5*10^7) = over four billion quid? And that's about six billion USD.
My gut reaction is to question this survey or whatever means they used to collect the above information. I can't find anything but this news article on their site, anybody have a link to the original report so we can inspect their methods?
My work here is dung.
Instead of waiting for the general public to catch on, which simply is not going to happen, a better question would be how long is it going to be before ISPs and providers update email protocols so that fake emails are simply not possible (or at least make it a lot harder than it is now)?
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
I think it's sensible to make a separation between phishing and other spam. If you click on an email advertising V14GR4, I'm quite happy to stamp 'Moron' across your forehead and be done with it. I wouldn't be nearly so hard on someone who gets a message which is identical to previous correspondence from their bank, but contains a link to l|oydstsb.com rather than lloydstsb.com, for example.
Of course, even the best phishing email is useless against a well educated user, and I think the 25% figure sounds very high, but I can somewhat sympathise with those who fall for a well-crafted phishing scam in a way that I can't for those who end up on the wrong end of a semi-literate 419 email.
The fact that sites like PayPal sometimes do send out real messages with all the hallmarks of a scam also serves to confuse issues. I seem to recall that this site is, in fact, legit.
Elderly people. They have this attitude that because the offer showed up on their machine, it must be legit. Older folks are a bit more trusting - generally speaking. Of course, that's a generalization. My Dad is one hell of a cynic and when he die and if there's a Heaven, St. Peter is going to get a lot of shit. "How do I know this is really Heaven? Put it in writing!"
Uneducated people. These are also the people who buy shit from infomercials that will "cleanse their colon" and attend hotel ball room "lectures" on how to make hundreds of thousands of dollars trading stocks - all you have to do is pay $1200 for their "special" trading program. Of course, there are some really street smart uneducated people who get one over on MBAs - so I'm speaking about my experiences, only.
RIP America
July 4, 1776 - September 11, 2001
Received - other sites have reported this one rather better.
http://www.itproportal.com/portal/news/article/2010/6/16/420000-scam-e-mails-sent-britons-each-hour/
http://www.telegraph.co.uk/technology/news/7831633/Britons-receive-more-than-420000-scam-emails-every-hour.html/
I want a list of atrocities done in your name - Recoil
This is precisely why I've gone back to smoke signals!
I just traded a deer carcase for the promise of a new bow and a lifetime supply of arrows you insensitive clod.
The fact that sites like PayPal sometimes do send out real messages with all the hallmarks of a scam also serves to confuse issues. I seem to recall that this [paypal-marketing.co.uk] site is, in fact, legit.
The holy grail of business is to turn costs into profits. Whilst spam, phishing, owned accounts, etc. look like costs to Paypal, they will very much be looking to change those to profits if possible.
I don't use paypal, as it has always reeked as far as I am concerned, but as I understand it they will freeze accounts at the drop of a hat, for various reasons. If they have just 1% of accounts frozen at any one time, that will be a decent chunk of cash, and they can earn interest on it, and all the other shit capitalists can do when they have capital.
So is it in PP's interests to freeze accounts? If so, they need excuses, and security is always a good-un. They might not purposefully confuse users, they just give the ones willing to take the wrong end of the stick, the wrong end of the stick. PP sending out emails that look like scam emails is just them offering "the wrong end of the stick".
To geeks, it should be pretty straight forward - always, always, always, use the paypal.com domain for anything PP related. Never have other domain names. The drive for profit comes along though, and PP want to totally fill search results for escrow (or whatever) to drown out the competition. Or more importantly, those dirty commies looking to be critical of paypal, or their industry.
Car analogies break down.
Not spam, phishing.
I used to receive barely literate mail shots, with my bank's domain in the "From:" field. Tracking back the IP revealed that the sender was a 3rd party with a domain registered to a caravan (trailer) park.
When I reported this to my bank as either a phishing attempt, or breathtakingly bad practice on their part, I got a snotty reply saying that this was a genuine mailshot via a 3rd party, and that this (by which they implicitly meant "faking headers") was standard practice. They genuinely could not understand why I had a problem with them sending out exactly the sort of faked email that they were regularly warning me about.
Needless to say, I changed banks shorty afterwards, but the lesson is that the line between legit and fraudulent is thin and wiggly.
If you were blocking sigs, you wouldn't have to read this.