Friday, July 30, 2004

I Can't Phish Or Cut Bait

Uh, oh. I scored 40% (4 correct out of 10) at the Testing Your Phishing IQ site. Back in early 2000, I fell for a phishing fraud involving my Internet Service Provider at the time. I received an e-mail message with the logo and the look of e-mail from that ISP. Under the pretext of updating my records, I filled the boxes with my Social Security Number, mailing address, telephone number, and my credit card (VISA) information—number and expiration date. Duh! The hoax made the Amarillo fishwrap with the report that only one ISP customer had fallen for the request and spilled his cyberguts to the phisherman. Obviously, the sole rube in Amarillo was me. If this is (fair & balanced) humiliation, so be it.

[x PC Magazine]
Can You Sniff Out Fraud?
By Neil J. Rubenking

Phishing scams are on the rise. These fraudulent e-mail messages trick recipients into giving out sensitive information by imitating legitimate sites–PayPal, eBay, banks, or credit card companies. When you click a link to "verify" or "confirm" sensitive data like your bank-account numbers, the page looks legitimate. The browser may even display the secure-site lock icon. But your data goes to a crook, not to the bank. The scammer only needs a handful of dupes to make it profitable. By the time any investigation can take place, he's long gone.

You wouldn't be taken in by such a scam… or would you? Antispam vendor MailFrontier thinks you would. MailFrontier's desktop and enterprise products filter phishing scams separately from other spam, placing them in their own fraud-mail folder. The user can mark a message in this folder as legitimate, thereby moving it back to the inbox. MailFrontier experts observed that nearly ten percent of the mail unequivocally identified as suspicious was being rescued by users!

MailFrontier commissioned an independent survey in which 1,000 adults around the country were presented with screenshots of five e-mail messages and asked to identify them as legitimate or fraudulent. Two of them were actually frauds, including a well-known PayPal scam. On average, 28% of the responses incorrectly identified fraudulent e-mail as legitimate, or vice versa.

So, how would you have fared in the survey? You can find out at www.mailfrontier.com. When you click on the Test your Phishing IQ link, you'll get a chance to analyze ten actual e-mail messages and distinguish the legitimate from the fraudulent. Unlike the earlier survey, which used static screenshots, this test lets you scroll through the messages, hover the mouse over links, and do almost anything but follow the links. When you've made your decisions, submit them and find out which were correct.

Social-engineering exploits like phishing may eventually be the biggest threat to online security. Even if antispam, antivirus, and antispyware programs evolve to be 100% accurate in identifying threats, the uninformed user can still stumble around them.

Copyright © 2004 Ziff Davis Media Inc. All Rights Reserved.
