  Pwning n00bs (Message 1 to 10 of 17)  
From: Orchid XP v8
Subject: Pwning n00bs
Date: 16 Nov 2008 05:23:57
Message: <491ff4bd$1@news.povray.org>
http://people.seas.harvard.edu/~rachna/papers/why_phishing_works.pdf

After reading this, I'm left wondering not so much "why does phishing 
work?" but more "how can we ever hope to prevent it from working?"

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*



From: Warp
Subject: Re: Pwning n00bs
Date: 16 Nov 2008 06:20:10
Message: <492001ea@news.povray.org>
Orchid XP v8 <voi### [at] devnull> wrote:
> After reading this, I'm left wondering not so much "why does phishing 
> work?" but more "how can we ever hope to prevent it from working?"

  One big problem is that people are so gullible. Even people who *should*
know better are surprisingly gullible.

  For example, if you ask almost anyone why they don't buy viagra from an
email spammer, the typical answers will be along the lines of "I don't need
that stuff", "I don't want to give my money to dubious people", etc.

  However, how many will list the following reason: "How do I even know it's
real viagra and not just a placebo, or worse, something harmful?"

  I have the impression that surprisingly few people actually stop to think
that what they are selling might actually not be the genuine product. That's
why the spamming works: People who *want* the stuff and have no moral
problems about buying it from unofficial sources, never stop to think that
there's absolutely no guarantee that it really is the real stuff. After all,
those spammers are not controlled by any official entity who sees that they
are not fraudulent. However, most people just assume that they are selling
the real stuff.

  People have forgotten the old rule "don't take candy from strangers",
and go one step ahead: They actually go and *buy* the candy from strangers,
without ever stopping to think what *is* in that candy.

-- 
                                                          - Warp



From: Orchid XP v8
Subject: Re: Pwning n00bs
Date: 16 Nov 2008 06:33:47
Message: <4920051b$1@news.povray.org>
Warp wrote:
> Orchid XP v8 <voi### [at] devnull> wrote:
>> After reading this, I'm left wondering not so much "why does phishing 
>> work?" but more "how can we ever hope to prevent it from working?"
> 
>   One big problem is that people are so gullible. Even people who *should*
> know better are surprisingly gullible.
> 
>   For example, if you ask almost anyone why they don't buy viagra from an
> email spammer, the typical answers will be along the lines of "I don't need
> that stuff", "I don't want to give my money to dubious people", etc.
> 
>   However, how many will list the following reason: "How do I even know it's
> real viagra and not just a placebo, or worse, something harmful?"

Or even that, I don't know, maybe they hand over their money and 
*nothing* arrives? I mean, what are you going to do? Sue them??

This is why I don't buy things from ebay. As I understand it, you give 
the seller your money, and they send you the item. Except that, AFAIK, 
there is *no guarantee* that anything will ever actually arrive. (I 
don't know whether ebay will refund your money in this instance... I'd 
imagine not.) Of course, most ebay sellers are probably perfectly 
genuine, but how do you tell?

>   I have the impression that surprisingly few people actually stop to think
> that what they are selling might actually not be the genuine product.

Well, the online world isn't like the real world. I mean, you'd be 
pretty hard-pressed to open up a high-street shop that looks *exactly* 
like John Lewis, take everybody's money, and then suddenly vanish. It 
would be so absurdly expensive to set something like that up, you'd have 
to harvest *a lot* of money to make it worth it. Oh, and good luck 
evading detection!

Now, how hard would it be to copy the John Lewis website? Er... 
actually, pretty trivial. Hire a cheap web host, copy a few files, set 
up a CGI script to harvest credentials and put them somewhere. Assuming 
you can trick a few people to visit it, you empty their accounts, and 
head off to the Cayman Islands before the cops even notice. Good luck 
getting caught!



The study pointed out a few things:

1. Some people don't realise that websites can be copied. (And why would 
you? It would be almost impossible to copy a real shop, or something 
like a radio station.)

If you don't realise that it's possible to fake something, why would you 
check it?

2. Some people think that it's "difficult" to copy web sites. (E.g., 
that it can never look *exactly* like the real thing.)

Of course, you and I know that computers are very good at copying files, 
so it's actually a piece of cake.

3. People have short attention spans. (When was the last time *you* 
checked the bank note you were given was actually genuine? You know 
people do sometimes fake those, right?)

4. People have no idea what to actually look for. (In fairness, it does 
take some knowledge to know what you're actually looking for. Especially 
since, by the wonders of HTTP, the page you're looking at might be 
unencrypted while the login data you send back *is* encrypted. I always 
loved that feature!)

5. One of the sites uses XUL to alter the appearance of the web browser. 
I mean, come *on*! Why does Firefox allow *that* FFS?! Even I wouldn't 
be able to figure that one out... It's just downright dangerous.

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*



From: Orchid XP v8
Subject: Re: Pwning n00bs
Date: 16 Nov 2008 06:36:44
Message: <492005cc$1@news.povray.org>
Warp wrote:

>   One big problem is that people are so gullible. Even people who *should*
> know better are surprisingly gullible.

Weee... now I'm wondering, how many computer experts would be fooled? ;-)

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*



From: Warp
Subject: Re: Pwning n00bs
Date: 16 Nov 2008 08:02:52
Message: <492019fc@news.povray.org>
Orchid XP v8 <voi### [at] devnull> wrote:
> This is why I don't buy things from ebay. As I understand it, you give 
> the seller your money, and they send you the item. Except that, AFAIK, 
> there is *no guarantee* that anything will ever actually arrive. (I 
> don't know whether ebay will refund your money in this instance... I'd 
> imagine not.) Of course, most ebay sellers are probably perfectly 
> genuine, but how do you tell?

  If I'm not mistaken, ebay offers a service which acts as a third-party:
The seller sends the product to this service, and the buyer sends the
money. When both things have been sent, the service proceeds with the
transaction. If either the product or the money never arrives, the other
good gets returned.

  Of course this service is not free.

-- 
                                                          - Warp



From: Darren New
Subject: Re: Pwning n00bs
Date: 16 Nov 2008 13:43:09
Message: <492069bd$1@news.povray.org>
Warp wrote:
> When both things have been sent, the service proceeds with the

The word in English is "escrow", just so ya know.

Wouldn't paying with a credit card do the trick, at least in the USA? 
Maybe that's why sellers prefer pay-pal? In the USA, if you buy 
something on the credit card and it's unacceptable, you just tell the 
bank "I'm not paying for this" and they take the money back from the 
merchant.

-- 
Darren New / San Diego, CA, USA (PST)



From: Orchid XP v8
Subject: Re: Pwning n00bs
Date: 16 Nov 2008 14:11:50
Message: <49207076$1@news.povray.org>
Darren New wrote:

> The word in English is "escrow", just so ya know.

So *that's* what that word actually means...

> Wouldn't paying with a credit card do the trick, at least in the USA? 
> Maybe that's why sellers prefer pay-pal? In the USA, if you buy 
> something on the credit card and it's unacceptable, you just tell the 
> bank "I'm not paying for this" and they take the money back from the 
> merchant.

Ooo... I hear that banks are *really good* at getting their own money 
back. :-D

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*



From: Darren New
Subject: Re: Pwning n00bs
Date: 16 Nov 2008 14:18:14
Message: <492071f6$1@news.povray.org>
Orchid XP v8 wrote:
> Ooo... I hear that banks are *really good* at getting their own money 
> back. :-D

It depends, really. If the merchant can prove he did indeed ship it to 
you (with fed ex receipts, say), then the bank eats the cost. This is 
one of the reasons rates are higher for taking credit cards for 
mail-order than for walk-in stores.

-- 
Darren New / San Diego, CA, USA (PST)



From: Orchid XP v8
Subject: Re: Pwning n00bs
Date: 16 Nov 2008 14:23:59
Message: <4920734f$1@news.povray.org>
>> Ooo... I hear that banks are *really good* at getting their own money 
>> back. :-D
> 
> It depends, really. If the merchant can prove he did indeed ship it to 
> you (with fed ex receipts, say), then the bank eats the cost. This is 
> one of the reasons rates are higher for taking credit cards for 
> mail-order than for walk-in stores.

Well, maybe.

All I know is, if you owe the bank money, they usually make *damned* 
sure they ****ing get it back! >:-)

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*



From: Darren New
Subject: Re: Pwning n00bs
Date: 16 Nov 2008 16:07:37
Message: <49208b99$1@news.povray.org>
Orchid XP v8 wrote:
> All I know is, if you owe the bank money, they usually make *damned* 
> sure they ****ing get it back! >:-)

The US is a bit different. Particularly with credit cards.

-- 
Darren New / San Diego, CA, USA (PST)




Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.