Phishing Emails

Tommy
Do people still fall for these?
There are so many red flags. LOL

[attached screenshot: 2016-08-16_13-52-00.jpg]
 
Seems legit. They forgot to ask for your social security number though. Noobs!
 
Where in Nigeria do I send my cash to?
 
Do people still fall for these?
Sadly, yes. We're required to make all employees watch a video/pass a test on cybersecurity annually. Among the topics covered is phishing. There are definitely some more advanced versions that hit the corporate world & the best ones can be tricky for the lay person to detect. But yeah...they're out there.
 
Seems legit. They forgot to ask for your social security number though. Noobs!

It's because of people like this that I include my SSN in my email signature. So many people forget to ask for it, I just figured this way everyone I send an email to will have it if they need it.
 
I think the purpose of badly worded phishing scams is to put people off guard.

"I can detect scams because they read like they were written by foreigners. Oh look, my bank sent me a very concise letter on bank letterhead, I should open the attachment..."
 
There is method to the madness. The obviousness of the scam actually helps the scam to run more efficiently. It's important to attract only those who are extremely - as in, beyond belief - gullible.

The scammer needs to keep as high a "completion rate" as possible, which is to say that it is a disaster of inefficiency if something like 90% or more of the people who begin a dialogue with the scammer eventually fail to complete the scam. It ends up consuming a fair bit of time to get even one person to the end of the scam, so to have to do some portion of that work ten times to get one guy to send the money is horribly inefficient.

So, paradoxically, it's better for the original email to be as poorly assembled as possible and to still communicate the essential message. The worse it appears, the higher the "completion rate" and therefore the higher the efficiency of the scam.

Of course, presumably, there is a breaking point where the number of people who fall for the scam drops so low that they have to make the letter slightly more intelligible. Judging from Trump's current numbers, the letter that hits that breaking point probably involves wingdings or a rebus.
 
I got caught once. I bought something off eBay. Two days later I got an email saying congrats on your purchase, click here for a $20 off coupon on your next purchase. The email contained the details of my order (item, pics, quantities etc.), unreal!! When I clicked the coupon and tried to log into the eBay site, game over. I was smart and realized what happened, so I called eBay and got everything reset. I didn't lose anything. But still, that was a pretty sophisticated scam. The dummy eBay site was a clone. I don't know how they did it, but it was a perfect clone (search functionality and everything).

If you guys ever try to log into a website and the login fails, with no error message, or even with an error message, and your credentials are correct, don't just assume it's a glitch.
 
It's fundamentally a human problem. I've heard from various security experts that if you train the hell out of your people and test them regularly you can usually drive the fell-for-it rate down to about 15%. That might not sound like a lot but in an organization with 10,000 employees that's still 1,500. It only takes one to sink a ship.

Five years ago training employees was all the rage and considered adequate. It's still important but now companies are stepping up their controls on the front end to prevent these messages from reaching inboxes in the first place, or failing that, preventing the links from working.
 
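The "red flags" Tommy mentions at the top of the thread and the inbox-side controls described in the post above are both about the same handful of mechanical checks: a display name claiming a brand the sending domain does not own, a Reply-To that goes somewhere else, and link text that shows one host while the href points at another (or at a bare IP, as in the cloned-eBay coupon story). Below is an added example, written for this page and not code from the forum or from any vendor product, that runs those checks over a constructed sample message. The message, the domains in it and the BRAND_DOMAINS table are all hypothetical; a real filter would use a maintained brand/domain list and would also check SPF/DKIM results, which this toy omits.

```python
"""Toy phishing-indicator checker over constructed sample messages.

Added example; not from the forum thread. The messages, domains and
brand list below are constructed for illustration only.
"""
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a "coupon" mail of the kind described in the thread.
SAMPLE_PHISH = b"""From: "eBay Customer Service" <rewards@ebay-coupons-secure.example>
Reply-To: support@mail-relay.example
To: victim@example.com
Subject: Congrats on your purchase! Your $20 coupon is waiting
Content-Type: text/html; charset=utf-8

<html><body>
<p>Thank you for your order. Click below to claim your coupon:</p>
<a href="http://203.0.113.7/login">https://www.ebay.com/coupons</a>
</body></html>
"""

# Constructed control: same shape, but everything lines up.
SAMPLE_CLEAN = b"""From: "eBay" <noreply@ebay.com>
To: victim@example.com
Subject: Your order has shipped
Content-Type: text/html; charset=utf-8

<html><body>
<a href="https://www.ebay.com/orders">https://www.ebay.com/orders</a>
</body></html>
"""

# Hypothetical brand -> domains-it-legitimately-sends-from table.
BRAND_DOMAINS = {"ebay": {"ebay.com"}}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(addr_or_host):
    """Crude registrable domain: last two labels of an address or host."""
    host = addr_or_host.rsplit("@", 1)[-1].strip("<> ").lower()
    return ".".join(host.split(".")[-2:])


def phishing_indicators(raw):
    """Return a list of human-readable indicator strings for one raw message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    flags = []
    sender = msg["from"].addresses[0]
    from_domain = _domain(sender.addr_spec)

    # 1. Display name claims a brand the sender domain does not belong to.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in sender.display_name.lower() and from_domain not in domains:
            flags.append(f"display name mentions {brand} but sender domain is {from_domain}")

    # 2. Reply-To routes replies to a different domain than the sender.
    if msg["reply-to"]:
        reply_domain = _domain(msg["reply-to"].addresses[0].addr_spec)
        if reply_domain != from_domain:
            flags.append(f"reply-to domain {reply_domain} differs from sender domain {from_domain}")

    # 3. Link text shows one host while the href goes elsewhere, or to a bare IP.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = _LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            href_host = urlparse(href).hostname or ""
            if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", href_host):
                flags.append(f"link points at a bare IP address: {href_host}")
            if text.startswith("http"):
                text_host = urlparse(text).hostname or ""
                if _domain(text_host) != _domain(href_host):
                    flags.append(f"link text says {text_host} but href goes to {href_host}")
    return flags


if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(name, phishing_indicators(raw))
```

The "clean" control message produces no flags, which is the point of the control: the checks fire on structural mismatches, not on the mere presence of a brand name or a coupon offer, so a legitimate order mail passes.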
It's fundamentally a human problem. I've heard from various security experts that if you train the hell out of your people and test them regularly you can usually drive the fell-for-it rate down to about 15%.

Holy. Fucking. Shit. If 15% of the employees of any organization other than Goodwill fall for this then we as a species are completely screwed.
 
Holy. Fucking. Shit. If 15% of the employees of any organization other than Goodwill fall for this then we as a species are completely screwed.
Actually I'd bet that the percentage of Goodwill employees with email is relatively low, so if you look at their entire employee base they might only have 5% of their employees fall for it. ;)

A slight clarification but it in no way invalidates your point - the 15% rate is not to a single phishing email. The idea is you're supposed to test multiple times a year, at least quarterly. The premise of the email is always different. Sometimes it's something like @Tommy posted. Other times it's an obviously faked Facebook friend request or a Microsoft scam. Some are more obvious than others. Anyway, the 15% represents the number of employees who will fall for at least one test in a given year. But still, if you're testing four times a year that's a horrific result.

Of course, these are just emails. Telephone calls are a lot more interesting.
 
Be aware of flash drives. They drop them around businesses, parking lots, etc., hoping someone will pick one up and put it in their computer. Depending on how it is set up, the second you plug it in it installs malware, or they will put certain files on it with interesting names. Ex: salaries_2016
 
I'd guess more than 15% of the folks around here would fall for that ^.

Add a Bud Jones or B&G file and you're probably looking at 20%+.
 