Fake e-mails fool users 28 percent of the time

Discussion in 'other security issues & news' started by the mul, Jul 28, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    Consumers still falling for phish
    Fake e-mails fool users 28 percent of the time, study finds

    July 28, 2004

    Confused by what's arriving in your inbox? You're not alone. Nearly one out of three Internet users was unable to tell the difference between fraudulent e-mails designed to steal their identities and legitimate corporate e-mail, a new study finds.

    Anti-spam firm MailFrontier Inc. showed 1,000 consumers examples of so-called "phishing" e-mail as well as legitimate e-mail from companies such as eBay and PayPal. About 28 percent of the time, the consumers incorrectly identified the phishing messages as legitimate.

    What's more, the legitimate e-mails were often dismissed as potential fraud. An e-mail message from the Federal Trade Commission was dismissed as a fraud by 50 percent of the consumers.

    "We knew we'd fool a few people, but we're pretty surprised by 28 percent," said Anne Bonaparte, CEO of MailFrontier. "A number of (the phishing e-mails used in the study) have been around for a while."

    'We are losing on both ends'
    One reason the look-alike e-mails continue to fool consumers: the people behind them are getting much better at their craft.

    "We've definitely seen quite an improvement in grammar, for example," Bonaparte said. "Early versions wouldn't have fooled too many people. Now, they fool a number of us. We did the test here at work and some people had embarrassing results."

    One very well-distributed PayPal look-alike e-mail, which claimed credit card information needed to be updated, fooled 31 percent of users surveyed, she said.

    "That one was written widely about. You would not have thought that would have fooled people," she said.

    Meanwhile, a simple note from PayPal indicating that a payment had been made, which asked for no personal information, was described as a fraud by 20 percent of those studied.

    "We are losing on both ends right now," said Dave Jevans, chairman of the Anti-Phishing Working Group, a consortium of companies fighting the problem. He said he wasn't particularly surprised by the results of the study.

    "I've seen professionals who work in the industry fall for these. As we can see from this report, it's hard to tell bad mail from good mail. ... It's undermining the ability of people to communicate."

    (Think you'd do better at sniffing out the real McCoy? MailFrontier has published a "fair or phish" test similar to the one it used in its study on.

    http://www.mailfrontier.com/


    The mul
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    hmm....6 out of 10.

    A little disturbing.


    snowbound
     
  3. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    hmmm, seventy percent. A bit more than a little, disturbing.
     
  4. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Hmm, 70 percent here too.

    The PayPal ones were easy in one way -- totally aside from the links, PayPal has emphasized that any legit email from them will always address you by full name, never as "Dear customer" or the like.

    I mis-guessed one or two of the legit ones -- and my reaction in those cases was that, given what we (should, anyway) know about phishing, those operations are operating very sloppily. More and more legit operations will no longer under any circumstances use email to ask for an account verification, relying instead on snailmail or even phone calls.
     
  5. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Thanks for pointing that out Mike, makes sense. I suppose if you know who you're dealing with, just be thorough when checking, hmmm?
     