Once upon a time, the so-called Nigerian letters were adapted into online versions by devious spammers. They were basically email versions of advance fee frauds, and I suppose that a few people fell for these traditional scams delivered by snail mail.
Unfortunately, the spammers have evolved along with the rest of the world. Phishing and other fraud involving social engineering techniques have expanded a lot in recent years and can be found in email, IM, blog comments and more. Anti-phishing filters are having a hard time keeping up with the attackers. There are often several clues that reveal the phishing attempt, such as spelling errors, an IP address instead of a host name, and a lack of personalization in the message.

However, modern malice such as IDN spoofing and cross-site scripting make it hard for casual surfers to detect the phishing activity. Even Hanselman got phished (and immediately felt embarrassed). If even computer-savvy experts fall prey to this kind of scam, it’s definitely gotten bad.
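Two of the clues mentioned above, an IP address in place of a host name and an IDN label that mixes scripts, can be checked mechanically on a link before anyone clicks it. The following is an added example, not code from the original post; the function names and clue labels are hypothetical, the sample URLs are constructed, and the script detection is a rough approximation based on Unicode character names.

```python
import ipaddress
import unicodedata
from urllib.parse import urlsplit


def _scripts(label):
    """Approximate the set of scripts used by the letters in a host label."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            # unicodedata has no script property; the first word of the
            # character name ("LATIN", "CYRILLIC", ...) is a usable proxy.
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def phishing_clues(url):
    """Return a list of clue labels (hypothetical names) found in the URL's host."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return ["ip-literal-host"]      # e.g. http://192.0.2.10/bank/login
    except ValueError:
        pass                            # not an IP literal, inspect the labels

    clues = []
    for label in host.split("."):
        if label.startswith("xn--"):
            # Decode the punycode form so we see what the user would see.
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                clues.append("malformed-idn-label")
                continue
        if not label.isascii() and "idn-label" not in clues:
            clues.append("idn-label")
        if len(_scripts(label)) > 1 and "mixed-script-label" not in clues:
            clues.append("mixed-script-label")
    return clues


if __name__ == "__main__":
    # Constructed samples: documentation IP range and reserved .example names.
    for sample in ("http://192.0.2.10/bank/login",
                   "https://www.example.com/",
                   "https://\u0430pple.example/"):   # Cyrillic "а" + Latin "pple"
        print(sample.encode("unicode_escape").decode(), phishing_clues(sample))
```

A legitimate internationalized name such as a German or Russian domain will report `idn-label` on its own, so that clue is only a prompt to look closer, while a mixed-script label is the stronger signal.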

Modern browsers such as Firefox 2, Opera and Internet Explorer 7 include anti-phishing support that uses blacklists of known phishing sites. Anti-phishing toolbars can help by displaying correct domain names. But technology can’t save people from themselves, which is one of the reasons why social engineering techniques are so devious and hard to counter. In the end, it often comes down to common sense.
Would you give your car key to someone in the street claiming to be a valet? Not likely.
Would you send your bank account number and PIN code in plain text to someone on the internet claiming to be working for your bank? Apparently some people seem to think this is a great idea.
Software developers are putting in a lot of effort to get rid of the phishing threat, but it cannot be solved by technology on its own.