|
 |
Warp wrote:
> Orchid XP v8 <voi### [at] dev null> wrote:
>> After reading this, I'm left wondering not so much "why does phishing
>> work?" but more "how can we ever hope to prevent it from working?"
>
> One big problem is that people are so gullible. Even people who *should*
> know better are surprisingly gullible.
>
> For example, if you ask almost anyone why they don't buy viagra from an
> email spammer, the typical answers will be along the lines of "I don't need
> that stuff", "I don't want to give my money to dubious people", etc.
>
> However, how many will list the following reason: "How do I even know it's
> real viagra and not just a placebo, or worse, something harmful?"
Or even that, I don't know, maybe they hand over their money and
*nothing* arrives? I mean, what are you going to do? Sue them??
This is why I don't buy things from ebay. As I understand it, you give
the seller your money, and they send you the item. Except that, AFAIK,
there is *no guarantee* that anything will ever actually arrive. (I
don't know whether ebay will refund your money in this instance... I'd
imagine not.) Of course, most ebay sellers are probably perfectly
geniune, but how do you tell?
> I have the impression that surprisingly few people actually stop to think
> that what they are selling might actually not be the genuine product.
Well, the online world isn't like the real world. I mean, you'd be
pretty hard-pressed to open up a highstreet shop that looks *exactly*
like John Lewis, take everybody's money, and then suddenly vanish. It
would be so absurdly expensive to set something like that up, you'd have
to harvest *a lot* of money to make it worth it. Oh, and good luck
evading detection!
Now, how hard would it be to copy the John Lewis website? Er...
actually, pretty trivial. Hire a cheap web host, copy a few files, set
up a CGI script to harvest credentials and put them somewhere. Assuming
you can trick a few people to visit it, you empty their accounts, and
head off to the Camen Islands before the cops even notice. Good luck
getting caught!
The study pointed out a few things:
1. Some people don't realise that websites can be copied. (And why would
you? It would be almost impossible to copy a real shop, or something
like a radio station.)
If you don't realise that it's possible to fake something, why would you
check it?
2. Some people think that it's "difficult" to copy web sites. (E.g.,
that it can never look *exactly* like the real thing.)
Of course, you and I know that computers are very good at copying files,
so it's actually a piece of cake.
3. People have short attention spans. (When was the last time *you*
checked the bank note you were given was actually genuine? You know
people do sometimes fake those, right?)
4. People have no idea what to actually look for. (In fairness, it does
take some knowledge to know what you're actually looking for. Especially
since, by the wonders of HTTP, the page you're looking at might be
unencrypted while the login data you send back *is* encrypted. I always
loved that feature!)
5. One of the sites uses XUL to alter the appearance of the web browser.
I mean, come *on*! Why does Firefox allow *that* FFS?! Even I wouldn't
be able to figure that one out... It's just downright dangerous.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
