Phish Scams Fooling 28% of Users

CmdrTaco posted more than 9 years ago | from the scary-stuff dept.

Security 618

Etaipo writes "Anti-spam firm MailFrontier Inc has done some testing with consumers to see if they could differentiate between legitimate e-mails and phish scams. The results, to me, were pretty shocking. The company also has provided a similar test on its web site. Get an answer wrong, and we revoke your geek license on the spot."

script kiddies in the media! (5, Funny)

garcia (6573) | more than 9 years ago | (#9824518)

Personally I never cared for Phish. They attracted a lot of the same fanbase as the Dead but I just couldn't bring myself to like them. I tried, I really, really did. It's sorta sad that now that they are breaking up for good that they are scamming 28% of the population. I would have never guessed that a cool jam-band would have to resort to this sort of scheming in order to get money!

I guess after all those tours and all those basically unsuccessful albums they are in need of people's credit cards in order to support their own solo touring and promotion.

All kidding aside, I am genuinely disgusting that the authors of these articles did not call this sort of scam by a legitimate title such as "fishing" or "credit card scamming" or "you are a fucking moron for falling for the give me your Credit Card Number in an email" like it has been in the past. I wasn't aware that "scr1p+ K1dd13 sp34k" had crossed into "real journalism". I can see it now... Parents banning their children from listening to Phish because FoxNews told them that they could have their credit cards stolen.

-1 Troll for the authors of these articles.

Re:script kiddies in the media! (0)

Anonymous Coward | more than 9 years ago | (#9824573)

You don't need Phish, you need MOTORHEAD [imotorhead.com], the greatest band to ever walk the planet. Their new disc INFERNO just POUNDS YOUR BRAIN INTO MUSH!@!!!!!!!111111oneonetwotwo

Re:script kiddies in the media! (-1, Offtopic)

kill -9 $$ (131324) | more than 9 years ago | (#9824742)

who would win in a wrestling match between lemmy and god?


Wrong. Trick question Lemme is GOD!!!!

love that movie [imdb.com]...

Re:script kiddies in the media! (0)

Anonymous Coward | more than 9 years ago | (#9824776)


Pick up "Inferno" today! Crank it up and let Lemmy's cinder-block-in-the-face bass beat you to a BLOODY PULP!

Re:script kiddies in the media! (4, Insightful)

real_smiff (611054) | more than 9 years ago | (#9824741)

"I am genuinely disgusting.."

disgusted. you are disgusted. i make this mistake all the time :/

agree about the leet speak.

i came very very close the other day to falling for a fake eBay "your account has been hacked, verify your account details" type scam. it was brilliant, no typos, perfect grammar, good layout, and most of all: i was tired when i got it. felt like a right plonker for even believing it for a second. now i have a lot more sympathy for people who fall for these things. thank god i did check the url.

YAFPBGTWT5! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#9824750)

Yet Another First Post By Garcia That Went To 5!

80% right, 100% ugly colour scheme. (3, Insightful)

grub (11606) | more than 9 years ago | (#9824522)

I answered 2 incorrectly as Fraud to get an 80% score so I lose 2 geek points but gain them back for erring on the side of caution. Actually I never bother with HTML mail and just skip it. That hasn't bit my butt yet.

IT's colour schemes are giving me a seizure...

Re:80% right, 100% ugly colour scheme. (0)

Anonymous Coward | more than 9 years ago | (#9824557)

i tried to take the quiz... but sadly the site was slashdotted before i could submit (didn't even see half the emails)

No shit, the color scheme's butt-ugly (0)

Anonymous Coward | more than 9 years ago | (#9824667)


Re:No shit, the color scheme's butt-ugly (2, Funny)

Anonymous Coward | more than 9 years ago | (#9824724)

pretty soon we'll have "geocities.slashdot.org" with animated GIFs of flaming skulls and crappy embedded MIDI files...


Re:No shit, the color scheme's butt-ugly (0)

Anonymous Coward | more than 9 years ago | (#9824763)

Hilarious, please mod up despite inappropriate use of bold tags.

I got a 3 (5, Funny)

Sowbug (16204) | more than 9 years ago | (#9824523)

Why did I have to provide a credit card number before the test showed me my score?

Re:I got a 3 (3, Funny)

beee (98582) | more than 9 years ago | (#9824634)

Wow, I don't find this post funny at all. How is a fellow slashdotter getting scammed funny? Sowbug, I recommend you cancel your CC immediately by calling your provider's phone hotline. Someone may have already begun using it for nefarious purposes.

Re:I got a 3 (5, Interesting)

The0retical (307064) | more than 9 years ago | (#9824697)

I got them all right, what most people forget is that reputable companies will never send you a link to update your account info. They will give instructions but never the latter. That is the dead giveaway that it is fake.

FTM fooling 100% of Slashdot (1)

Fecal Troll Matter (445929) | more than 9 years ago | (#9824524)

I'm still alive. And my penis is divine.

Re:FTM fooling 100% of Slashdot (0)

Anonymous Coward | more than 9 years ago | (#9824818)

Since technically you are a part of that 100%, aren't you just fooling yourself? pwn3d!!!1~ /FTM Fan

This is an excellent quiz. (4, Interesting)

eaglebtc (303754) | more than 9 years ago | (#9824526)

I passed with flying colors! This is an excellent quiz to send to your friends who are less internet-savvy. I found a common thread throughout all of them: "if you don't verify your account information, it will be suspended."

geek license? (-1)

Anonymous Coward | more than 9 years ago | (#9824528)

I must've been sick when they handed those out...

shit (-1)

Anonymous Coward | more than 9 years ago | (#9824529)

shitty shit fuckity fuck crap a shit o litta fuck fuck

This test is bogus (3, Insightful)

stecoop (759508) | more than 9 years ago | (#9824535)

This test is like a Kobayashi Maru test on Star Trek. You have to alter the conditions to win. You can't see the details in the hyperlinks nor the refer information in the header.

Re:This test is bogus (4, Insightful)

PhxBlue (562201) | more than 9 years ago | (#9824766)

No, you just have to recognize the proper set of conditions. If an E-mail already contains correct and verifiable information about your account, or if it does not ask for any account information in the first place, it's probably legit. Otherwise, it's probably a fraud. My non-geek wife and I both took the test and scored 10 / 10.

Catching them on the subtleties (5, Insightful)

gbulmash (688770) | more than 9 years ago | (#9824536)

I scored 90%, incorrectly IDing one legit e-mail as a fraud, meaning I missed one because of being overly cautious.

Some of these fraud mails looked really legit and were mainly given away by the fact that their URLs went to something like fraudprevent-visa.com instead of fraudprevent.visa.com. fraudprevent-visa.com is a domain name that may or may not be affiliated with Visa, while fraudprevent.visa.com is a subdomain of Visa.com, meaning it's not 100% safe, but much more likely to be legit.

But asking people to know this difference is asking a bit much of them. What might be interesting would be a "Phisher Identifier" built into mail clients that could identify bogus or unauthorized URLs based on a very carefully maintained database of legitimate URLs.

Seems that a plug-in could be written for Outlook, Eudora, etc.

- Greg

Re:Catching them on the subtleties (0, Troll)

beee (98582) | more than 9 years ago | (#9824680)

This is an excellent idea, though I would caution against such a plugin being open source. If the spammers and phishers could discover what metric is used for deciding if an e-mail is fake or not, they would have a much easier time fooling it. This might be one instance where closed source is the best solution. I think I might polish off my C book and get to work ;-)

Re:Catching them on the subtleties (1)

Klar (522420) | more than 9 years ago | (#9824708)

I seem to recall seeing a program that would put the domain name at the top of the screen eg, secure.visa.com would display visa.com at the top for all links. I don't remember the specifics for it, but I'm sure there is a program out there that does that. I think they showed it on The Screen Savers.

Test enough, and you can prove anything. (0)

Anne Thwacks (531696) | more than 9 years ago | (#9824541)

And in other tests, a dead fish fooled 28% of -lusers.

No news here folks, move along!

Question 11: (0)

Anonymous Coward | more than 9 years ago | (#9824543)

Pleaase fill in your Bank password to save your score.

./ing (1)

chrispyman (710460) | more than 9 years ago | (#9824547)

Do I loose points if the page won't load due to a slashdotting?

Re:./ing (0)

Anonymous Coward | more than 9 years ago | (#9824705)

No, but you do for misspelling lose!
(Grrr, now I can't mod since I replied...so I guess you don't lose points...)

I call BS on that "test" (4, Insightful)

mabu (178417) | more than 9 years ago | (#9824556)

Let me be among the first to call "Bullshit" on this supposed test.

Any nerd worth his salt knows to first check the headers of the e-mail and Lookup the IP [dnsstuff.com] to see where the mail really came from, and/or view the source of the HTML and identify obfuscated URL redirects. Then again, any IT guy who is using HTML-enabled e-mail should have his geek license revoked in the first place.

Re:I call BS on that "test" (5, Funny)

Anonymous Coward | more than 9 years ago | (#9824606)

any "nerd" would run his own DNS server and wouldn't need web-based turd like. Poser.

Re:I call BS on that "test" (1)

mabu (178417) | more than 9 years ago | (#9824774)

any "nerd" would run his own DNS server and wouldn't need web-based turd like. Poser.

FYI, I run my own DNS of course. But I use IPWHOIS from Dnsstuff. It's a nice, fast service and it's faster than doing it from the shell, and it has nice links so I can e-mail admins or drill-down to see who's in charge of IP blocks.

Re:I call BS on that "test" (0)

Anonymous Coward | more than 9 years ago | (#9824749)

because it's impossible to fake headers.

Re:I call BS on that "test" (1, Insightful)

lukewarmfusion (726141) | more than 9 years ago | (#9824753)

Let's all use Pine!

Maybe you don't live in the real world, but in my company we deal with clients that send HTML emails when plaintext would do, we send HTML (or even Flash) newsletters for clients, and we have a 1-5 geek ratio. So checking headers, looking up the IP originator, or viewing the source isn't an option for the four of us that aren't geeks.

Since I'm one of the geeks, I do my best to educate and inform my colleagues. But I can't do that for everyone - my wife's grandparents will probably fall for every phishing scam. Hell, they forward every cute email, virus warning, (and usually virus) they get.

Damned slashdotting... (0)

Anonymous Coward | more than 9 years ago | (#9824561)

No replies and it's already down. Anyone have a mirror of the test?

Sure (1)

stratjakt (596332) | more than 9 years ago | (#9824564)

I'm never going to trust research that's done by corporations to generate or augment the need for their products.

Obviously they weren't testing the premise of "people aren't that stupid, and probably don't need our fancy products"

Yeah, if you look hard enough you'll find people stupid enough to fall for anything. That's no feat.

It's scary how many people fall for this stuff. (4, Insightful)

bennomatic (691188) | more than 9 years ago | (#9824566)

I had a client recently who called me complaining that she was getting hundreds of e-mails bounced to her that she didn't send out. I asked her if she had recently opened any email attachments, and sure enough, she said, "Only the one that Microsoft sent me that was a required security upgrade. Come to think of it, that's about when this problem started"

When it's that easy, you can't even call it social engineering. It's just social nudging, and people are ready to fall for it.

Not my users (2, Interesting)

Seth Finklestein (582901) | more than 9 years ago | (#9824567)

At my place of business, I run a strictly whitelist-only policy of Internet use permissal. If a user goes to a web site that is not on my comprehensive whitelist, he instead sees a small form with which he may explain the business-related uses of the web page in question.

Needless to say, this policy is entirely foolproof as a means of deterring so-called "phishing" in my workplace. I haven't heard any complaints, so I can only assume that the users enjoy my protecting of their identities.

Seth Finklestein
Proud Systems Administrator

Still Waiting! (2, Funny)

romper (47937) | more than 9 years ago | (#9824569)

Nevermind this. I'm still waiting for my money from Bill Gates and Disney for forwarding that email to everyone I know a couple years back.

That Bill Gates spam cost me.. (1)

MisanthropicProgram (763655) | more than 9 years ago | (#9824682)

a really cute girl.

I was keeping in touch with this girl via email - she was cute! I was hoping for a chance and go "visit". Then, one day, she forwards me that "Test software and Bill Gates will give you $xxx!" I was afraid that she was taking it seriously and maybe she'd get ripped-off. I was trying to figure a way of telling her without making her feel stupid. So I responded with something like, "You got one of those too? Aren't those fraud spams funny? Ha Ha." She still felt stupid and apologized for sending me such a thing. I emailed her back trying to let her know that it's hard to know what's legit, etc ... don't feel bad...etc ...
End of story: she never emailed me again or had any other contact with me. Fucking Spam!

Entirely Factual? (1)

z0ink (572154) | more than 9 years ago | (#9824574)

How many legitimate "offers" have you actually gotten via email? I'd like to see the person who signs up for porn and conducts business using the same email address.

28%?? (0)

Anonymous Coward | more than 9 years ago | (#9824580)

I think at least 40% of Phish fans are fooled/fools.

Legislation Making Testing and Research Harder? (1)

lofi-rev (797197) | more than 9 years ago | (#9824587)

It seems like all of the anti-spam/phishing/whatever legislation lately will make testing like this illegal, or at least more difficult because of the threat of legal action.

Maybe on the positive side though it will help reduce the amount of "Shocking!" yellow journalism [slashdot.org] that's out there.

Heh. (2)

tsarin (217882) | more than 9 years ago | (#9824589)

I just got a phish email "from" Citibank (with whom I haven't had an account in several years; that was my first hint...), and forwarded it on to emailfraud@citigroup.com and uce@ftc.gov.

Flip back to and refresh /. to see that almost a third of email users don't have the third of a clue it would take to recognize this crap for what it is. "We has noticed a high level of suspishous attemtpts to access your account and brute force your PIN..."? Um. Okay.

Invalid test (1)

vanyel (28049) | more than 9 years ago | (#9824596)

Aside from the fact that I never click on links in email, what I do do is look at the received headers and the actual links to see where they really go to decide if it's phishbait or not. They've deleted both from the test messages...

Tax on the stupid? (1, Insightful)

Mr. Vandemar (797798) | more than 9 years ago | (#9824597)

Every time I read a statistic like this I have to ask myself if it's even worth fighting against this kind of thing any more, or if we should consider it a tax on the stupid. Cynical, maybe, but I'm tired of explaining why you should never give out personal information via email to people and having them turn around and do exactly that a week later. I admit, some of the newer emails are getting quite professional looking, but as soon as they start asking for passwords/CC #s, red flags should go up. Sadly, many users gladly give the scammers what they're after with not a thought.

I looked at the URLs of the links (0)

Anonymous Coward | more than 9 years ago | (#9824598)

They all began with www.n15th.com, therefore I marked them all fraud.

Breaking News: (5, Funny)

goldspider (445116) | more than 9 years ago | (#9824599)

There are a lot of uninformed and gullable Internet users out there.

Pictures at eleven.

pre-emptive grammar-nazi (0)

Anonymous Coward | more than 9 years ago | (#9824622)

I know, I know, it's "gullible".

Sadly, most of those fooled are lower class (0, Troll)

beee (98582) | more than 9 years ago | (#9824601)

The biggest demographic that is hit by these phish scams are poor, lower class minorities. With little experience using computers, let alone the internet, recent hookups to the internet in inner cities are the most heavily affected. Blacks and hispanics are especially notorious for having difficulties deciphering "phish" emails, as they've become used to cowering before anything with a menacing letterhead. It's sad that the real victims of these e-mail scams are already in difficult financial situations and can barely afford to pay for other basic services. Shame on these scammers, they are even worse than most spammers.

Re:Sadly, most of those fooled are lower class (0)

Anonymous Coward | more than 9 years ago | (#9824716)

I don't think you realize how patronizingly racist you sound...

Re:Sadly, most of those fooled are lower class (1)

Karma Farmer (595141) | more than 9 years ago | (#9824816)

He's a troll. He knows what he sounds like, and he keeps writing because he craves the attention his parents wouldn't give him.

Re:Sadly, most of those fooled are lower class (-1, Troll)

Anonymous Coward | more than 9 years ago | (#9824772)

asshole. eat shit.

Five minutes to figure it out. (5, Informative)

MacGoldstein (619138) | more than 9 years ago | (#9824605)

But haven't fallen.

My parents got an e-mail stating that we were charged $3000 for a new Dell laptop. Nevermind that we all use Macs.

So I check out the site... Looks professional, seems legit, but it asks for a bank account and social number on a non-secure connection... Phishy?

I checked out the root domain of the given address and ran a search to see to whom the site was registered. Definitely not a real company, an individual, and the root domain didn't exist as an accessible webpage. Not the kind of thing that is very professional. I bounced the e-mail back and dismissed it. Our credit bill the next month didn't have a Dell laptop on it. What do you know?

All it takes is some common sense to get out of these things, but perhaps real companies should start adopting S/MIME or PGP to ensure their identities to make it more apparent to a layperson.

Of course, a false company could just as easily hide behind these "foolproof" authentication mechanisms.

Unfair test (5, Informative)

asdfasdfasdfasdf (211581) | more than 9 years ago | (#9824607)

Honestly, I got through 3 examples before giving up. The real test for me is, "Is the link back to the official site? Or does it look like a link and take you to some mysterious 3rd party server?"

In this test *ALL* links pop up to a "for the purposes of this test, this link has been suspended" This makes the whole thing useless.

Anybody can copy a legit paypal or eBay email and change a few words and make it "look" real. The key is in the links and the data mining.

retarted test (1)

MORTAR_COMBAT! (589963) | more than 9 years ago | (#9824612)

one of the things I look for is the actual location of hyperlinks. the online test disables the viewing of the location of the hyperlink in the status bar.

10/10 anyway (2, Informative)

MORTAR_COMBAT! (589963) | more than 9 years ago | (#9824782)

spoilers within:

1. Microsoft Email Link
Legitimate ... CORRECT

2. PayPal Email Link
Fraud ... CORRECT

3. eBay Email Link
Fraud ... CORRECT

4. US Bank Email Link
Fraud ... CORRECT

5. PayPal Email Link
Legitimate ... CORRECT

6. Earthlink Email Link
Fraud ... CORRECT

7. Citibank Email Link
Fraud ... CORRECT

8. eBay Email Link
Fraud ... CORRECT

9. Paypal Email Link
Legitimate ... CORRECT

10. Visa Email Link
Fraud ... CORRECT

You got 10 out of 10 correct, or 100 %

Just viewed the source of the pages, easy enough to tell who is lying and who is not. Only 1 was marginally troublesome due to a lot of spaces in the URL which pushed the real domain name far to the right.

Re:retarted test (1)

phozz bare (720522) | more than 9 years ago | (#9824785)

Annoyingly, so do the emails themselves. For users of MS Outlook [Express] - the vast majority of email users - the only way to find out where a link leads to is by either clicking it or going through many unfriendly hoops (properties > view source, look through the html, etc etc).


darn, i got connection timeout (0)

Anonymous Coward | more than 9 years ago | (#9824613)

the quiz is /.ed
so does that mean i score a NaN?

Rules? (1)

majorluser (591594) | more than 9 years ago | (#9824616)

Were there rules to looking at the data? All I did was view source, did a few quick DNS lookups and I got an 80. Although I got this great visa offer for my efforts

Well, revoke MailFrontier's geek license (1)

Pac (9516) | more than 9 years ago | (#9824618)

Rule Number One - never post your press releases to Slashdot if you aren't sure your servers will handle it...

Since /. has no meta topics, this is ON topic (-1, Offtopic)

gmhowell (26755) | more than 9 years ago | (#9824638)

/. has no meta topics. Rob doesn't reply civilly to emails, so I have no choice but to comment here:

Are the designers of this site color blind? No, because then they would be able to read the IT page either. The tan/gold colors are pretty, but there is an awful lack of contrast that makes things nearly impossible to read. I'm not the first to complain, and will likely not be the last.

Sure, games, BSD, and YRO are ugly as sin. We can all accept that, but they are at least legible. The current color scheme for IT.slashdot.org certainly falls in the 'Oh, shiny!' category.

Somewhat related, what is the point of IT.slashdot.org? It certainly seems like a story garbage dump. Is the gang moving to a point where every story will be in it, apple, YRO, science, etc? If so, try to post a note somewhere that explains what each section is for, and stick to it. This will make it easier to filter.

It seems like the following:
games: it actually works. It is about games.
apple: apple, apple products, anything at all related to the iPod, including competitors
science: I don't know. Don't read it, don't care.
ask: it actually works. This is where you find 'ask slashdot' entries.
BSD: troll magnet. But one that seems to only attract 'BSD is dying...' trolls
YRO: timothy and michael's soapbox. Anything and everything that they are interested in goes here.
IT: the garbage dump.

Feel free to use these definitions, as I honestly can't think of anything better to describe the current state.

And fix the colors. Please.

Re:Since /. has no meta topics, this is ON topic (1)

lofi-rev (797197) | more than 9 years ago | (#9824718)

Yes - it hurts my eyes too, especially on the laptop screen - viewing it even slightly off-angle makes it nearly unreadable.

Now plot this data vs. time (3, Interesting)

Politicus (704035) | more than 9 years ago | (#9824651)

Is it really so surprising that as spam matures it gets better at impersonating real email? It would be useful to repeat such a test periodically to see it trend over time. Likewise, it would be interesting to see the nature of valid business email content change over time to adjust. Perhaps we can have an internet age Darwin elaborate on the mechanics.

hard? (4, Informative)

Bobman1235 (191138) | more than 9 years ago | (#9824665)

Honestly, it's pretty simple. Just never click on any link in any email. If it's from a company you deal with, type in the URL you know and love to find the information. The only one of the emails in that entire "quiz" I would have trusted was the one without any links, that simply said "go to ebay.com, click on your account." Anything else could be fake.

At the very least, copy and paste the URL rather than click it, and study it for 3 seconds before going to the site to make sure it looks like the site you think you're going to.

Some of these scams look pretty real (2, Insightful)

russler (749464) | more than 9 years ago | (#9824666)

We've all received a number of these scams, and most of us on /. are surely not likely to fall victim. But I can see why the confusion for some people:
1. They are intimidated the moment they sit at the computer.
2. The same people who might be skeptical as ever when dealing with a live human do not have a clue that the "internet" can be an evil place at times.
3. Some of these sites look exactly like the page they are emulating including all the other links on the page going to the real site. These people just do not know to look for "www.ebay.com" instead of in the address bar. That is (sadly) still meaningless to a lot of people.

Education and experience on the web is likely to reduce these issues over time, but for now, it's just a way-too-easy niche opportunity for thieves and scammers to prey upon the naive.

The test doesn't have phishing URLs (2, Informative)

icekillis (777986) | more than 9 years ago | (#9824688)

One of the common tricks I use to tell if someone is phishing is to compare the actual URL link with the one displayed in the test. That is, does the HREF match what's printed on the screen? If not, hit delete faster than a fat girl running towards chocolate. Easiest way to tell as the e-mails are looking more and more legitimate.

I got one for PayPal asking me to update my account information that had a bad link. Also got me since I had just moved and was in the habit of updating account information for sites!

More proof that content-based filtering is useless (1)

mabu (178417) | more than 9 years ago | (#9824709)

This sensationalist phishing PR campaign, if anything, once again proves that content-based filtering is a waste of time and resources. If you rely on spell-checking corporate e-mail as a means to identify its legitimacy, you're off track. If you rely on subtle hints in the message to tip you off that something's funny, you're wasting time.

A simple check of the source IP of the mail relay is the most reliable method of identifying phishing scams. Many of us who primarily use RBLs to block spammers don't deal with this crap because our users never get it in the first place. The main source of these phishing schemes are the same foreign servers that any decent mail admin has RBL'd a long time ago.

So we have another anti-spam company scaring consumers as a means to promote their ineffective spam-filtering solution that will likely involve continual upgrades and degradation of the user's mail service. There are better choices: don't accept any mail from rogus SMTPs. Blacklist the DSL pools, blacklist the IP space of ISPs that allow this illegal activity and you not only stop spam, but you stop worms and these phishing scams.

I am against any anti-spam/worm/phishing technique which involves analyzing the content of the e-mail. RBLs have proven to be more robust and reliable in stopping the spread of this junk and don't slow down mail service or compromise the privacy/security of users.
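Added example (not part of the original thread, and not any commenter's code): the relay-IP check described in the two comments above, taking the connecting address from the Received header the recipient's own server wrote and turning it into a DNSBL lookup. The server name mx.example.net, the zone dnsbl.example and the message are constructed assumptions.

```python
import email
import ipaddress
import re
import socket

# Constructed message. Each hop prepends its own Received header, so the
# topmost one written "by" your own server records the address that really
# connected to it; every header below that is supplied by the sender and
# can be forged.
RAW_MESSAGE = """\
Received: from mail.sender.example (unknown [198.51.100.23])
\tby mx.example.net with ESMTP id ABC123; Thu, 29 Jul 2004 10:00:00 -0400
Received: from bank.example (bank.example [192.0.2.10])
\tby mail.sender.example with SMTP; Thu, 29 Jul 2004 09:59:58 -0400
From: "Example Bank" <support@bank.example>
Subject: Verify your account

Please verify your account details.
"""


def relay_ip(raw_message, my_mx):
    """Return the IPv4 address that connected to my_mx, or None.

    Only the first Received header stamped by my_mx is consulted.
    """
    msg = email.message_from_string(raw_message)
    by_me = re.compile(r"\bby\s+" + re.escape(my_mx) + r"\b", re.I)
    for header in msg.get_all("Received", []):
        if by_me.search(header):
            match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)
            if not match:
                return None
            try:
                return ipaddress.IPv4Address(match.group(1))
            except ValueError:
                return None
    return None


def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the octets and append the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True if the DNSBL answers with a 127.x.x.x record for this address.

    An unlisted address gives a lookup failure. The resolver is injectable
    so the logic can be exercised without network access.
    """
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return False
    return answer.startswith("127.")


if __name__ == "__main__":
    ip = relay_ip(RAW_MESSAGE, "mx.example.net")
    print(ip, "->", dnsbl_query_name(ip, "dnsbl.example"))
```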

My copy of Mosaic won't load images.. (1)

TiggertheMad (556308) | more than 9 years ago | (#9824720)

..and I can't figure out how to get PINE to display HTML mail. What is this 'spam' you speak of?

ANSWER KEY (0, Redundant)

romper (47937) | more than 9 years ago | (#9824730)

They're all ledgitimate.

Also it asks for your credit card before you see your score but only so it can verify your identity.

Companies do not help. (2, Insightful)

deragon (112986) | more than 9 years ago | (#9824732)

I was once fooled believing that I received a fraudulent email making me believe it came from Sony. I wrote to Sony to report the email and they told me it was legit!

What caused me to think it was fraudulent? Well, the URLs in the email were going for something like sony.<somecompany>.com. The URL did not finish with "sony.com". The only way to figure out if an email is phoney or not is to check the URLs (assuming your browser does not have the famous URL bug which shows you a legit URL but once clicked, sends you to another site while still showing the legit URL in the URL bar), but when companies use 3rd parties to email their users and provide services, they cause these confusions.

Talk to Verizon (5, Interesting)

RealityMogul (663835) | more than 9 years ago | (#9824737)

I got Verizon DSL service back in February. A month later, I got an e-mail that basically stated there was a problem applying the DSL charges to my phone bill. In the e-mail, which was sent to "Verizon Customer", they suggested I reply to the e-mail with my account name and credit card information.

I thought it was a scam, but left it in my inbox. Two weeks later my service was shut off. Apparently the message was legit.

After I got the problem straightened out, I sent them a very nasty, yet informative, e-mail and they agreed that they will review their e-mail policies and apologized for sending such a message to begin with.

Phish test (1)

drdreff (715277) | more than 9 years ago | (#9824759)

I need to get one of these and use it as a prequalifier for clients. If you can't pass this test I won't work on your computer.

Well maybe I will, I'll just adjust my hourly rates accordingly.

Slashdotted... (1)

zygote (134175) | more than 9 years ago | (#9824761)

I wonder what the record is for the fastest Slashdotting of a site? This one went belly up in what looks like less than 18 minutes...

nice link! (4, Funny)

jjeffries (17675) | more than 9 years ago | (#9824765)

Linking to a cgi from the front page? Why don't we just find out where the server is and burn down the building instead?

These bastards will stoop to anything! (2, Funny)

Anonymous Coward | more than 9 years ago | (#9824769)

I got one that looked like a family gathering invitation. They must have hacked my mom's email account. They wanted me to respond with my "rsvp." That set off my bullshit detector. I better let mom know because they keep sending me email and now they're claiming I'm going to be disowned if I don't show to my own brother's wedding. I've stopped answering the phone as well because they have sound-alikes leaving me messages and look-alikes showing up at my door. You know as soon as they get your rsvp, they empty your bank account with it. I'm not falling for it.

Only one I got wrong... (1)

siskbc (598067) | more than 9 years ago | (#9824778)

...was one from MS saying you'd better log into Hotmail once a month or they would delete all your email. I figured that was even dickheaded for MS - I mean, an extended vacation and you lose all your email. I assumed that the $19.95 "upgrade" link, while it looked good, must have been obfuscated somehow and was redirected to a "lookalike" site.

So I got 9/10 because MS is an even bigger bunch of assholes than I'd have thought. Wow.

I hope they don't mind random numbers (0)

Anonymous Coward | more than 9 years ago | (#9824786)

I get emails asking to "verify" my credit card, even going so far as to say it's needed to prevent credit card theft -- and I don't even have a credit card.

/ not because I live "off the grid" but because I hate being in debt.

Worthless (1)

glindsey (73730) | more than 9 years ago | (#9824792)

The quiz lets you see the emails, but there's no way to determine where the links are truly headed because they're disabled. I mean, I can make a link with the text "www.ebay.com" and have it point to "www.ripping-you-off-guy.com" in the HREF tag, and the typical user isn't going to see it.

What we NEED is mail clients that, when the user clicks on a link, will automatically deobfuscate the domain it links to and pop up a warning message to the effect of "Clicking this link will take you to a web page on the Internet domain 'www.ebayscammer.ca'. If this is not where you intended to go, click 'Cancel' now."
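Added example (not part of the original thread, and not any commenter's code): a small link checker combining the ideas raised in the comments above, namely an allowlist that accepts fraudprevent.visa.com but not fraudprevent-visa.com, and a comparison of each link's visible text with its real HREF target. The allowlist contents and the sample mail are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist standing in for the "carefully maintained database
# of legitimate URLs" proposed in the thread (an assumption, not a real list).
TRUSTED_DOMAINS = ("visa.com", "ebay.com", "paypal.com")

# Constructed HTML mail body; 203.0.113.7 is a documentation-range address.
SAMPLE_EMAIL = """
<p>Please verify your account:</p>
<a href="http://fraudprevent.visa.com/verify">Visa fraud prevention</a>
<a href="http://fraudprevent-visa.com/verify">Visa fraud prevention</a>
<a href="http://www.ripping-you-off-guy.com/login">www.ebay.com</a>
<a href="http://www.ebay.com@203.0.113.7/login">http://www.ebay.com</a>
<a href="https://signin.ebay.com/">www.ebay.com</a>
"""

# A hostname appearing in the visible link text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def trusted_base(host):
    """Return the allowlisted domain that host equals or is a subdomain of."""
    if not host:
        return None
    for domain in TRUSTED_DOMAINS:
        # The leading dot matters: "fraudprevent-visa.com" must not match.
        if host == domain or host.endswith("." + domain):
            return domain
    return None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html):
    """Return a list of (href, text, reasons); empty reasons means no flag."""
    collector = LinkCollector()
    collector.feed(html)
    results = []
    for href, text in collector.links:
        reasons = []
        try:
            parts = urlsplit(href.strip())
            host = parts.hostname if parts.scheme in ("http", "https") else None
            has_userinfo = parts.username is not None
        except ValueError:
            host, has_userinfo = None, False
        host = host.lower().rstrip(".") if host else None
        if trusted_base(host) is None:
            reasons.append("untrusted-domain")
        if has_userinfo:
            # "http://www.ebay.com@203.0.113.7/": the real host follows the @.
            reasons.append("userinfo-in-url")
        shown = HOST_IN_TEXT.search(text)
        shown_host = shown.group(1).lower() if shown else None
        if shown_host and shown_host != host:
            base = trusted_base(shown_host)
            # Two hosts under the same allowlisted domain are not a mismatch.
            if base is None or base != trusted_base(host):
                reasons.append("text-href-mismatch")
        results.append((href, text, reasons))
    return results


if __name__ == "__main__":
    for href, text, reasons in check_links(SAMPLE_EMAIL):
        print(f"{href!r} shown as {text!r}: {reasons or 'ok'}")
```

Matching on an explicit allowlist avoids needing a public-suffix list to work out registrable domains; a third-party sender such as the sony.<somecompany>.com case mentioned earlier in the thread would be flagged until its domain is added to the list.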

This has never been a problem for me (1)

eddiegee (236525) | more than 9 years ago | (#9824793)

....because any email that asks for any personal info or provides a URL to where you are supposed to fill something is immediately tossed and the site reported to the legitimate site (usually Paypal or Ebay). If I didn't initiate any webform, I don't use it! Is it that difficult for most people?

Sweet! (2, Funny)

Nu11.org (676686) | more than 9 years ago | (#9824800)

I got all the questions right, plus I'm getting millions of dollarz from this guy in Nigeria. Thanks for forwarding the link to us! Null

3 incorrect (1)

mirko (198274) | more than 9 years ago | (#9824807)

I marked all as frauds without reading them, why should I even consider "US Bank" mails while I am living in Switzerland?

The Test is crap. (1)

LittleBigLui (304739) | more than 9 years ago | (#9824808)

How could i know whether the links go to a legitimate site if "For the Phishing IQ Test, the Link has been disabled"?

Seriously, wouldn't that be the #1 way to spot fraud? You know, like, looking what you are telling your computer to do instead of trusting a random piece of text that arrived via means that make it next to impossible to validate the sender?

Testing (0)

Anonymous Coward | more than 9 years ago | (#9824814)

One two and three