Think You're Safe?
Posted by Angela Kang and Jennifer Small
The latest RSA Monthly Fraud Report warns of a new “plug-and-play” phishing kit that can install a phishing site within two seconds. Creating a phishing site is now as easy as installing a “.exe” file. If that doesn’t ring any alarm bells, McAfee Avert Labs reports a 784% increase in phishing sites in the first quarter of 2007, with no slowdown in sight.
You might think these developments affect only the “suckers” that fall prey to these sites, and if someone is naïve enough to think they’ve won a free iPhone, they deserve what’s coming to them. But two new studies show that we’re more vulnerable than we might think.
In his study, “Mind Games,” Dr. James Blascovich, professor of psychology at the University of California, Santa Barbara, shows how cybercriminals use fear, greed, and lust to dupe even the most sophisticated users. “No one likes to think of himself or herself as a ‘sucker,’ but clearly scam-spam would become extinct if it was unprofitable.” He also adds that by scamming $20 from just one-fourth of 1% of the U.S. population, cybercriminals can earn $15 million a day and nearly $5.5 billion per year.
Dr. Eszter Hargittai, professor of communication studies and sociology at Northwestern University, conducted a study in which less than 15% of her Internet savvy participants thought a phishing email was suspicious enough to report.
Phishing scams are a growing threat for online companies as well. Although state anti-phishing laws provide a cause of action to adversely affected Internet site owners, online companies are taking preventive measures to protect consumers as they risk losing sales and reputation. Paypal and eBay, the most popular phishing targets, recently announced the release of a security product using authentication tokens to fight these attacks.
Note: You can report phishy activity to the FBI’s Internet Crime Complaint Center.