The Golden Hour of Phishing Attacks

← Back to Stories (view on slashdot.org)

The Golden Hour of Phishing Attacks

Posted by CmdrTaco on Thursday December 2, 2010 @02:17AM from the get-the-camera dept.

Orome1 writes "Trusteer conducted research into the attack potency and time-to-infection of email phishing attacks. One of their findings was that 50 per cent of phishing victims' credentials are harvested by cyber criminals within the first 60 minutes of phishing emails being received. Given that a typical phishing campaign takes at least one hour to be identified by IT security vendors, which doesn't include the time required to take down the phishing Web site, they've dubbed the first 60 minutes of a phishing site's existence is the critical 'golden hour.'"

59 comments

Min score:

Reason:

Sort:

A solution presents itself by Wonko+the+Sane · 2010-12-02 02:18 · Score: 4, Funny

Delay all email deliveries for one hour. What could possibly go wrong?
1. Re:A solution presents itself by LostCluster · 2010-12-02 02:20 · Score: 0
  
  Then the discovery of the scam would be delayed by the hour and the "golden hour" would just be delayed.
2. Re:A solution presents itself by drinkypoo · 2010-12-02 02:25 · Score: 1
  
  Actually that's not all bad as an idea. Gmail already makes mail available to you when and how it feels like it. Mail which looks like it might be phishing email could be delivered to active users proven to be discriminating first, giving a chance to subject them to a human test for scams before delivering the mail to the greater audience. I'm pretty well convinced that google already does this with spam but they don't have a "report scam" button (unfortunately.)
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
3. Re:A solution presents itself by Chrisq · 2010-12-02 02:25 · Score: 3, Funny
  
  Delay all email deliveries for one hour. What could possibly go wrong?
  Then the discovery of the scam would be delayed by the hour and the "golden hour" would just be delayed.
  whoosh....
4. Re:A solution presents itself by Anonymous Coward · 2010-12-02 02:38 · Score: 5, Insightful
  
  Mail which looks like it might be phishing email could be delivered to active users proven to be discriminating first,
  Congratulations! Gmail has determined that you are smart and competent. Your reward is more spam.
5. Re:A solution presents itself by Anonymous Coward · 2010-12-02 02:40 · Score: 2, Informative
  
  I'm pretty well convinced that google already does this with spam but they don't have a "report scam" button (unfortunately.)
  Gmail does, in fact, have a "report scam" button. Click the menu button to the right of "Reply" in any message to "Report phishing." Done.
6. Re:A solution presents itself by alexmipego · 2010-12-02 02:41 · Score: 5, Insightful
  
  They do have a "Report Phishing" option though. Sad thing is that most people don't know what phishing is or even realize they've been victims of it until it's too late, at which point they rarely go back to gmail to report the phishing attempt.
7. Re:A solution presents itself by dkf · 2010-12-02 03:17 · Score: 1
  
  Delay all email deliveries for one hour. What could possibly go wrong?
  Not much more than happens at moment. Our email systems typically delay incoming email from previously-unknown senders for up to an hour anyway; assuming that the message will go through straight away (let alone be read immediately) is definitely a losing proposition.
  
  --
  "Little does he know, but there is no 'I' in 'Idiot'!"
8. Re:A solution presents itself by hedwards · 2010-12-02 03:23 · Score: 1
  
  Really? Gmail users get spam? That's news to me, unless you're talking about that bit of junk mail that ends up in my inbox every several months.
9. Re:A solution presents itself by beh · 2010-12-02 03:23 · Score: 1
  
  ...and the next problem - with the potentially bad clicks not going to google - how is google going to find out how discerning you are? ...unless they rewrote all clicks to be proxied through a google web-service, in which case google would get massive data protection enforcement issues.
10. Re:A solution presents itself by natehoy · 2010-12-02 03:33 · Score: 1
  
  Well, it's really no surprise.
  We used to call it "telephone fraud" or "scamming" back when it was done over the phone and "mail fraud" when it was done via the dead tree snail-mail system. And unwanted postal advertisement was called "junk mail".
  Then when it came to online we decided on the terms "phishing" for fraud and "spam" for unwanted email. Oh, but then it got worse.
  Then there's "whaling" (email scams targeting people higher up in the organization), and "spear phishing" (collecting data about the person you want to phish and crafting a personal attack), "smishing" (scams over cell text messages), "pharming" (DNS redirect), etc. All to describe an attempt at fraud to different targets or using different techniques.
  Then, to add insult to stupidity, someone asked "hey! what if someone tries phishing you over the phone? What should we call that?" and came up with "vishing", completely ignoring the fact that there's been a perfectly good term in use for many generations now to describe telephone fraud. "telephone fraud".
  I'm waiting for someone to come up with a new term for postal fraud. "snailshing?"
  No wonder the terminology is confusing. It's asinine. Something describing fraud should be called "fraud" with the proper adjective in front of it. "mail fraud", "email fraud", "phone fraud", "SMS fraud". Hey, even a complete Internet newbie can understand that without a specialized dictionary to understand the terminology. They're not inviting me to a "Phish" concert, I'm not being invited to catch some stripers with someone who can't spell, they're trying to commit fraud!
  "REPORT JUNK MAIL OR FRAUD" not to do?
  
  --
  "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
11. Re:A solution presents itself by natehoy · 2010-12-02 03:41 · Score: 1
  
  Damnit, "review" fail.
  Last bit should be:
  "REPORT JUNK MAIL OR FRAUD" is clear, understandable, and obvious. Then when you hit a threshold for a specific message, throw it into the spam bin for everyone and force anyone who really wants to click the links on it to move it back to the Inbox first. Links in the spam bin should never, ever, ever be clickable.
  Now, let's talk placement. "Report Phishing" is where, you say? Oh, under the REPLY button? That I have to open the email to get to. Oh, OK. Wait.. what? Isn't the very first lesson we all try to teach our newbies "junk and fraud emails are evil - never open them if you can tell what they are by looking at the subject line. Delete them." And yet, when Google wants fraud reported, they make you open the message. (tap tap tap) hello? Is this thing on?
  
  --
  "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
12. Re:A solution presents itself by noidentity · 2010-12-02 03:56 · Score: 1
  
  Silly, that'll just delay the golden hour. What we need is for the email to be delivered, but for nobody to be able to respond within the first hour. Simple, really, when you think about it.
13. Re:A solution presents itself by flappinbooger · 2010-12-02 04:09 · Score: 1
  
  Delivered-To: xxxxxxxx@gmail.com Authentication-Results: mx.google.com; spf=pass (google.com: domain of 1f01dd8d3layfovciatke43yaaaaabn3glabcerig44yaaaaa@email.walgreens.com designates 216.33.63.66 as permitted sender) smtp.mail=1f01dd8d3layfovciatke43yaaaaabn3glabcerig44yaaaaa@email.walgreens.com Reply-To: "support" Bounces_to: Walgreens.1f01dd8d3layfovciatke43yaaaaabn3glabcerig44yaaaaa@email.walgreens.com X-SS: 1-1-10920280-574949095 X-BFI: 1f01dd8d3layfovciatke43yaaaaabn3glabcerig44yaaaaa Date: Thu, 02 Dec 2010 08:07:40 EST From: Adobe Subject: Action Required : Upgrade New Adobe Acrobat Reader 2011 For Windows And Mac To: xxxxxxx@gmail.com
  ADOBE PDF READER SOFTWARE UPGRADE NOTIFICATION This is to remind that a new version of Adobe Acrobat Reader with enhanced features for viewing, creating, editing, printing and internet-sharing PDF documents has been released. To upgrade your application: + Go to http://www.adobe-2011-downloads.net/ + Get your options, download and upgrade. Thanks and best regards, John Watt Adobe Acrobat Reader Support Copy rights Adobe 2010 © All rights reserved []
  A customer of mine got this email. He forwarded it to me, not because he thought it might be a scam, but because he remembered I had put on foxit reader instead.
  
  I explained a little bit about how it wasn't from adobe and wasn't going to an adobe site.
  
  A quick google: http://www.google.com/search?q=John+Watt+Adobe+Acrobat+Reader+Support&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
  
  --
  Flappinbooger isn't my real name
14. Re:A solution presents itself by idontgno · 2010-12-02 04:55 · Score: 0
  
  Did you just post a malware distribution URL? As a live href?
  I hope that was munged, edited, or otherwise neutralized. Otherwise, that was reckless.
  Also, as evidenced by your partially-anonymized email header, the spam zombie server seems to be associated with Walgreens. Nice piece of malware intel, there.
  
  --
  Welcome to the Panopticon. Used to be a prison, now it's your home.
15. Re:A solution presents itself by KiloByte · 2010-12-02 04:56 · Score: 1
  
  "pharming" (DNS redirect)
  The name comes from "Phorm", right?
  
  --
  The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
16. Re:A solution presents itself by tlhIngan · 2010-12-02 05:05 · Score: 1
  
  They do have a "Report Phishing" option though. Sad thing is that most people don't know what phishing is or even realize they've been victims of it until it's too late, at which point they rarely go back to gmail to report the phishing attempt.
  Problem is, the button isn't available in list view. Most of the phish attempts I get are plainly obvious from the preview line, and the only way to report is to open it and click Report Phishing, an annoying extra step.
  And that's an advantage to having multiple addresses - Paypal telling me I need to fix my account from my non-Paypal email is pretty obvious. As are ones for banks I don't use or never even heard of.
  Still, having to click through is an extra annoyance, just like the loss of the "Unread" select (hidden underneath a menu now) which was a click away. It's a way for me to handle mailing lists - read the interesting posts, then click unread and delete to delete the rest. Would be nice if they had a Google Labs thing that added both back.
17. Re:A solution presents itself by flappinbooger · 2010-12-02 05:13 · Score: 1
  
  Did you just post a malware distribution URL? As a live href?
  I hope that was munged, edited, or otherwise neutralized. Otherwise, that was reckless.
  Also, as evidenced by your partially-anonymized email header, the spam zombie server seems to be associated with Walgreens. Nice piece of malware intel, there.
  Nope, I was reckless and all I blanked out was my guys email address. HOWEVER I'm not totally insane, the urls didn't work for me when I checked - My thought is they had already been dealt with.
  
  --
  Flappinbooger isn't my real name
18. Re:A solution presents itself by natehoy · 2010-12-02 05:17 · Score: 1
  
  No reference to it in the Wiki about Pharming.
  Phorm did appear to use a form of pharming (more specifically DNS poisoning, in this case poisoned at the ISP level) to do its ugly magic. So maybe the marketing dweebs who made up the term "pharming" had some inspiration from Phorm's name in inventing their security tool marketing term.
  
  --
  "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
19. Re:A solution presents itself by drinkypoo · 2010-12-02 05:44 · Score: 1
  
  There IS no button, it's a menu option! So you have to click through, find the pull-down, click it, and then click it again! This is retarded. I get WAY more phishing attempts than spam in my Inbox. It's gotten to where I just mark them as spam because I'm too lazy to drill down. Gmail interface fail.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
20. Re:A solution presents itself by PPH · 2010-12-02 15:35 · Score: 1
  
  If one of those whooshes by fast enough, do we get a sonic boom?
  
  --
  Have gnu, will travel.
Ummm... by Anonymous Coward · 2010-12-02 02:21 · Score: 0

How is this YRO? Thanks CmdrTaco!
1. Re:Ummm... by ObsessiveMathsFreak · 2010-12-02 02:40 · Score: 1
  
  Peoples rights are being violated by criminals online. I think this qualifies as a YRO story.
  
  --
  May the Maths Be with you!
2. Re:Ummm... by Anonymous Coward · 2010-12-02 03:07 · Score: 0
  
  that's a bit of a stretch, don't you think?
3. Re:Ummm... by Anonymous Coward · 2010-12-02 06:12 · Score: 0
  
  Nope. The guy's just in denial, e.g. the psychological condition. OMP has *convinced* himself that this has anything to do with YRO even though it logically does not. Why anyone would blind himself this much is beyond me...
I know... by Anrego · 2010-12-02 02:26 · Score: 1

This is up in lala land.. but you really can’t cure stupid.
What we need to do is make phishing attacks useless. Obviously a lot harder to do than say.
The best I could come up with is some kind of challenge response system, possibly with the aid of a key token, with the user’s IP address factored in. That is:
You are at the login screen.. and presented with a challenge. On the server the challenge is tied to the IP that requested the login screen. You punch the challenge into some device, it gives you a response. You then plug the response into the login dialog (possibly with some other traditional password). The server validates that the IP logging in matches the IP associated with the challenge, and if so (and if the response is correct of course), lets the user log in.
Obviously this is way too cumbersome to work.. and the users who fall for phishing attacks tend to be the same ones who have PINs of 1234 and resent having to enter _that_ in. But I think something like this where it is impossible to “tell” someone your credentials is the solution.
Nitpic: what's this got to do with my rights?
1. Re:I know... by Anonymous Coward · 2010-12-02 02:34 · Score: 0
  
  Possibly a bad idea since in the UK at least, banks keep telling people that the card reader is NOT used to login.
  No fiddling with the login process will solve phishing attacks - the phishing email/webpage will just inform people about the new security measures or whatever, and that you also need to scan in a picture of your passport and driving license and upload those too.
  Trusteer are the makers of Rapport, which is supposed to keep your login details secure despite all the spyware and keyloggers and screenshooters your computer might be infested with at the time. Fixing stupidity with more stupidity.
2. Re:I know... by DrSkwid · 2010-12-02 03:39 · Score: 1
  
  MITM
  
  --
  There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Scrub the sites... by AdamThor · 2010-12-02 02:34 · Score: 4, Funny

So what we need is a way to scrub those websites within the critical time period, yes? A cleaning program? A sort of "Golden Shower"?

--
-- "Oh. This guy again."
1. Re:Scrub the sites... by gmuslera · 2010-12-02 02:38 · Score: 2
  
  Sometimes is not phishing. If you i.e. block for an hour in the proxy the websites refered by incoming mails you will slow down those scams, but also the real sites (i.e. places where you register and have to confirm that your email)
2. Re:Scrub the sites... by Anonymous Coward · 2010-12-02 02:50 · Score: 0
  
  A sort of "Golden Shower"?
  Are you taking the phish?
3. Re:Scrub the sites... by Monkeedude1212 · 2010-12-02 03:22 · Score: 1
  
  Wow, what a piss poor idea. I mean it really stinks. There's so many leaks in your logic, it's amazing you managed to pee-ce it together at all.
4. Re:Scrub the sites... by AdamThor · 2010-12-02 03:34 · Score: 1
  
  Hey, who pissed in your cheerios? You should know that back at the academy I was considered to be a real whiz! Urine the presence of a powerful intellect. It would be a shame to let an idea like this go down the drain.
  
  --
  -- "Oh. This guy again."
Education is the best medicine by digitaldc · 2010-12-02 02:37 · Score: 2

Educating people about computer scams seems to be the best way to combat this problem. Otherwise, we can just provide an IQ test as part of the Windows boot process.

--
He who knows best knows how little he knows. - Thomas Jefferson
1. Re:Education is the best medicine by joebagodonuts · 2010-12-02 03:01 · Score: 1
  
  ...and booting windows means an automatic failure of the test. Brilliant!
  
  --
  "Give a woman two glasses of wine and some pad thai, and they'll agree to just about anything." the Sports Guy
2. Re:Education is the best medicine by digitaldc · 2010-12-02 03:36 · Score: 1
  
  The process you speak of is called 'Dunce Redundancy'
  
  --
  He who knows best knows how little he knows. - Thomas Jefferson
3. Re:Education is the best medicine by panda · 2010-12-02 03:56 · Score: 2
  
  Quoth Bruce Schneier:
  There's nothing we can do to educate users, and anyone who has met an actual user knows that.....Rather than focus on what can we do to educate users, we need to focus on building security that doesn't require educated users.
  Reference: http://www.schneier.com/news-055.html
  
  --
  Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
4. Re:Education is the best medicine by John+Hasler · 2010-12-02 05:41 · Score: 1
  
  And all users are identical of course, and all dunces.
  The fact is that most users are educable to varying degrees. How about we educated the educable while trying to think of something else to do about the rest?
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
5. Re:Education is the best medicine by Cowmonaut · 2010-12-02 11:46 · Score: 1
  
  Agreed. Users simply do not care. You can't teach what doesn't want to learn or understand the necessity of learning. It also goes a long way to show part of the problem with American public schools (i.e. a cultural thing).
Another solution by VirtualJWN · 2010-12-02 02:43 · Score: 1

Since we are currently in an economic downturn, and many many tech folks are "on the beach" so to speak, i.e. not working, and perhaps collecting unemployment. why not let the "programmers" in the USA counter attack the overseas attacks on our internet. We invented the thing (Internet), we need VIGILANTE forces that can attack and destroy enemy targets on the web. WHY IS THIS ILLEGAL? This is a job Americans will do!!!!

--
"Any sufficiently advanced technology is indistinguishable from magic." - Arthur C. Clarke
In other news... by Amorymeltzer · 2010-12-02 02:43 · Score: 2

The 15 minutes it takes the cops to respond to a robbery have been dubbed "The golden quarter-hour of robberies." I would expect the majority of successes to occur before security mechanisms have started, what with them being security mechanisms and all.

--
I live in constant fear of the Coming of the Red Spiders.
1. Re:In other news... by gsslay · 2010-12-02 03:50 · Score: 1
  
  You have an interesting point there, you should apply for a grant to fund a study.
  Hypothesis; Thefts are most successful before anyone notices they are happening. Afterwards... not so much.
  Recommendations; Delay thefts until after they are noticed.
Simple by PPH · 2010-12-02 02:45 · Score: 4, Funny

I never answer e-mail within an hour of receipt. I'm too busy trying to make first post.

--
Have gnu, will travel.
Re:DDoS? by Opportunist · 2010-12-02 03:17 · Score: 1

Erh... two reasons.
First, it's illegal. Duh.
Second... well, the enemy has the bigger guns.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The real message by Opportunist · 2010-12-02 03:19 · Score: 1

The most scamming is successful before the Antivirus screams bloody murder when you open the mail. No, really? Duh. That's not what surprised me.
But who would have guessed that so many people actually use antivirus tools that it matters this much how fast the AV vendors react to it?

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
1. Re:The real message by natehoy · 2010-12-02 03:58 · Score: 1
  
  I help about a dozen people with their computers as "side favors", and I know of only one person at the moment on Windows who is not using Antivirus of some form. Comcast includes it for free, so anyone on Comcast I just send them the link and tell them to install it, the same is also true of most ISPs now - almost all of them include something for Antivirus.
  If I drop by to help with something and there's no antivirus installed, we have a serious chat and I usually insist on installing something (at least AVG-Free) before we proceed to working on the actual problem they want help with. It cuts down on repeat visits, and even though I work for beer and I like beer, I have money and can buy beer, and cash purchase is my preferred method for acquiring beer. Fixing other people's computer gaffes is barely worth the beer. I'd rather buy beer and bring it to their house and drink it with them while having a conversation.
  My one antivirus-averse person, let's call him "Risky Rick", feels that he never visits any sites that could harm him (and he does appear pretty cautious), he was very open to installing Firefox with NoScript for web and Thunderbird for email, he is savvy enough not to be running as Admin (Windows XP), he keeps his system patched reasonably well, he's got a decent consumer router with SPI, and he uses MailWasher to review the headers of all of his email so he can delete anything suspicious before it hits an email client capable of rendering HTML or running scripts. He doesn't want to incur the slowdown of a realtime scanner, but he does run a full system scan every few months or so (and it's always come back clean, so I'll give him credit that his caution is working OK for now). Rick is putting actual effort into security rather than depending on a tool to help. Which works, sorta, but you want a Risky Rick who also uses Antivirus as an additional layer, because there's no such thing as too many layers of security.
  New computers are almost always bundled with McAfee or Norton, with a really annoying reminder when the 3, 6, or 12 months or whatever of included service are up. I'm not really a big fan of either, but they get the job done, and they almost force the user to keep them current. It's annoying and invasive, but it seems to be working.
  
  --
  "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
2. Re:The real message by KiloByte · 2010-12-02 05:01 · Score: 1
  
  Except that both McAfee and Norton affect the computer worse than several concurrent malware infestations.
  
  --
  The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
3. Re:The real message by Opportunist · 2010-12-02 05:02 · Score: 1
  
  Well, probably when it comes to the impact on performance, but not the impact on your bank account.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
4. Re:The real message by Mathinker · 2010-12-02 05:08 · Score: 1
  
  > and it's always come back clean, so I'll give him credit that his caution is working OK for now
  Current stats I've heard (they may be just flaky numbers pulled out of a certain orifice) is that A/V tools don't detect up to 50% of current professional botnet infections like Zeus, etc.
  > Which works, sorta, but you want a Risky Rick who also uses Antivirus as an additional layer,
  > because there's no such thing as too many layers of security.
  By that reasoning, you should instead be investing in educating the 11 other people who only use an antivirus but don't invest effort in security like Rick, no? Assuming you could get them together in groups to improve the return on the effort, I mean.
  BTW, the results of a study where all traffic signs and signals were removed from a region which was thoroughly marked as such (the traffic accident rate went down, not up) indicate that Rick's strategy might actually be more effective than the others'.
5. Re:The real message by natehoy · 2010-12-02 07:34 · Score: 1
  
  I agree wholeheartedly. The problem is that there's no driver's test for the Internet and as inadequately as antivirus tools are capable of protecting the innocent, they are at least better than nothing at all. Whether through simple lack of time or lack of access to an educator, there is a significant population of "click on whatever looks good and damn the torpedoes" folks out there.
  I've tried educating the rest of my group, with some significant success, but I can't possibly make them aware of every risk and they aren't going to take the time to educate themselves on every new threat. Many of them are pretty open to actually looking at emails, a few are OK with NoScript but it "makes the Internet harder" for more than half (some pages don't work at all, or don't work well, without JavaScript). A very small few of them have enough trouble just handling email and Facebook which is the extent of the Internet to them, bless their dear hearts.
  I'm probably not that much different in terms of my car. I follow the maintenance schedule, listen for odd noises or odd handling, and look for warning lights.
  Since not everyone is going to be fully aware (and some may be completely unaware) of what the "bad sounds" and "odd handling" are on the Internet, we add "warning lights" (antivirus and other tools) that at least catch a good chunk of the problems, just like the idiot lights in your car.
  They aren't perfect, but they help catch the worst stuff, because just as few people have the wherewithal to check their oil, brake, and steering fluid levels every time they start the car, and precious few crawl under the car to look for a brake line that's on its last legs, so do few people have the wherewithal to check every URL, research each error message they see, and recognize when your bank is not your bank.
  So the car, and the computer, are "taught" to identify some of the most serious things that can happen and identify them to the user. Part of the lesson is to avoid having the warning light come on by maintaining the machine (keeping signatures up to date, checking URLs, using NoScript and other protection tools, refraining from clicking on every damned thing in email even if it does promise Natalie Portman in hot grits or dancing fluffy kittens).
  The other part is telling them what to do when a warning light comes on (antivirus goes BING!, certificate warnings, popup ads, UAC popups in Win7, etc).
  Of course, I also helped an older woman some years back whose car had broken down at the side of the road. Her description was that of a little red "Aladdin's Lamp" lighting up about 30 miles back, then the car getting a little rumbly-grumbly sounding for a while, then finally no matter how hard she pushed down on the gas the car slowed down and got more wiggy-jiggy, then finally it went thumpity-thumpity-clunky-creakity-phoot-grunt and the engine stopped and she had to coast to the side of the road. (read: Low Oil Pressure light came on and she drove the car past 6 highway exits for a half an hour to the point of utter death by friction, ignoring the increasingly urgent mechanical problems that were developing). So the lights don't always do any good even when they do work...
  
  --
  "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
6. Re:The real message by shipofgold · 2010-12-02 10:39 · Score: 1
  
  What you don't mention is how many times those A/V programs actually protected the users from something. My company forces A/V on my laptop but I never get any hits...I have A/V on my kids' computers and have re-imaged 5 times in the past 2 years....They click on just about everything. It is the behaviour that determines the risk of infection. Trying to use a condom with holes in it won't get you very far in the long run.
Nothing New Here by JAS0NH0NG · 2010-12-02 03:37 · Score: 1

This result was already pretty well known.
Jagatic and others saw this in 2007 in their work on social phishing at Indiana University.
We saw the same in our PhishGuru work at Carnegie Mellon, on training people not to fall for phishing scams in 2009.
As an aside, I know many slashdotters don't believe you can train people to protect themselves from phishing. That is the standard conventional wisdom in computer security. However, we've actually demonstrated that you can, if you make it fun, timely, and relevant. We're commercializing some micro games for security training and a service for simulated phishing attacks based on research we did at Carnegie Mellon.
NEW DISCOVERY! by gparent · 2010-12-02 04:12 · Score: 2

NEW DISCOVERY! It can take up to several hours to understand a joke on slashdot! A solution presents itself, th-....
Dumb idea by Mathinker · 2010-12-02 04:58 · Score: 1

Joe job
IQ tests don't work. by Benfea · 2010-12-02 07:58 · Score: 1

Smart people can fall for phishing attacks as well. The counter is knowledge, not intelligence. The more people know about how phishing scams work, the better prepared they are to identify phishing attacks.
I always thought... by BigSes · 2010-12-02 08:06 · Score: 1

that the golden hour for phishing was right before dawn.
(rimshot)
(smattering of applause)
Thanks, I'll be here all week.
Amazing discovery! by JohnnyBGod · 2010-12-02 22:46 · Score: 1

This just in! Criminals are more effective while they are unknown to whoever is fighting crime! More at 11.