Once upon a time, the so-called Nigerian letters were adapted into online versions by devious spammers. They were basically email versions of advance fee frauds, and I suppose that a few people fell for these traditional scams when they were still delivered by snail mail.

Unfortunately the spammers have evolved along with the rest of the world. Phishing and other fraud involving social engineering techniques have expanded a lot in recent years and can be found in email, IM, blog comments and more. Anti-phishing filters are having a hard time keeping up with the attackers. There are often several clues that reveal the phishing attempt, such as spelling errors, an IP address instead of a host name, and a lack of personalization in the message.

Proper fishing at Atatürk bridge in Istanbul.

However, modern malice such as IDN spoofing and cross-site scripting makes it hard for casual surfers to detect the phishing activity. Even Hanselman got phished (and immediately felt embarrassed). If even computer-savvy experts fall prey to this kind of scam, it has definitely gotten bad.

Spam is all around.

Modern browsers such as Firefox 2, Opera and Internet Explorer 7 contain anti-phishing support based on blacklists of known phishing sites. Anti-phishing toolbars can help by displaying the correct domain name. But technology can't save people from themselves, which is one of the reasons why social engineering techniques are so devious and hard to counter. In the end, it often comes down to common sense.
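As an added example (not code from the original post), here are two of the URL-level clues mentioned above, an IP address in place of a host name and IDN spoofing, turned into a small heuristic check of the kind an anti-phishing filter or toolbar applies before the user ever sees the page. The sample links are constructed for the demonstration.

```python
import ipaddress
import unicodedata
from urllib.parse import urlsplit

# Constructed sample links, as a filter might see them in an email body.
SAMPLE_LINKS = [
    "http://www.example-bank.com/login",   # ordinary hostname, no clue
    "http://192.0.2.10/nordea/login",      # IP literal instead of a host name
    "http://xn--nrdea-vta.example/login",  # constructed label with the punycode prefix
    "http://www.p\u0430ypal.example/",     # Cyrillic 'a' mixed into a Latin label
]


def url_clues(url):
    """Return the list of phishing clues found in the host part of one URL."""
    clues = []
    host = urlsplit(url).hostname or ""
    labels = host.split(".")

    # Clue 1: a bare IP address where a bank would use its own domain name.
    try:
        ipaddress.ip_address(host)
        clues.append("ip-literal host")
    except ValueError:
        pass

    # Clue 2: an "xn--" label means the host contains non-ASCII characters
    # that the browser will render as an IDN, a common spoofing vehicle.
    if any(label.startswith("xn--") for label in labels):
        clues.append("idn/punycode label")

    # Clue 3: letters from more than one script inside a single label,
    # the typical shape of a homograph such as a Cyrillic 'a' in a Latin name.
    for label in labels:
        scripts = {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}
        if len(scripts) > 1:
            clues.append("mixed-script label")
            break

    return clues


def flagged_links(links):
    """Map each suspicious link to its clues; clean links are left out."""
    return {url: url_clues(url) for url in links if url_clues(url)}


if __name__ == "__main__":
    for url, clues in flagged_links(SAMPLE_LINKS).items():
        print(url, "->", ", ".join(clues))
```

Blacklists catch a phishing site only once someone has reported it; heuristics like these fire on the very first message, which is why browsers and toolbars combine the two.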

Would you give your car key to someone in the street claiming to be a valet? Not likely.

Would you send your bank account number and PIN code in plain text to someone on the internet claiming to work for your bank? Apparently some people seem to think this is a great idea.

Software developers are putting in a lot of effort to get rid of the phishing threat, but it cannot be solved by technology on its own.

2 comments

  • Mandus
    18 Jul, 2007

    I guess part of the problem is the general opinion that most stuff on the internet is/should be free. The free mechanic in real life is usually a good friend or relative; on the internet it could be the open source community giving you quality software for free, or some dubious company wanting to scan your computer for viruses and other stuff.
    That said, one of the e-mails regarding Nordea (Swedish bank facing a lot of problems with phishing attacks) actually found its way into my inbox a while back. The grammar was quite bad, no signs of the letters åäö and a very unprofessional feel to the layout make it hard to believe that anyone would fall for that.
    But then again, you can find most of that if you ask for a flyer at your local pizza delivery. Even if I would be genuinely surprised if they asked me for my account name and password. ;)

  • 19 Jul, 2007

    Yeah, I’ve also got a few of the “Nordea” phishing mails. They are hilarious! I especially enjoy the sender “Nordea fraudkampavdelningen”.
    I suppose the spammers would be more successful if they managed to translate it better and avoid dozens of spelling errors in a supposed letter from a large bank.
