iPhone Phishing Bait: would you like fries with that?

We’ve all heard there’s no such thing as a free lunch, but this is not always easily remembered when online. The latest example of that is the number of iPhone related phishing messages that had flooded my inbox while I was on vacation. Some of the links didn’t even need to claim it was a ‘free’ deal; just a site claiming to have the cool tool in stock was enough to get clicks.

Of course this is nothing new. Go back and replace ‘iPhone’ with ‘Wii’ or ‘PSP’ or ‘Nano’ and you get similar results. As a gadget geek, I’m always at least a little tempted when I see one of these deal emails come in.  I think back to the few times I have gotten a free lunch from the Internet borg,  free speakers from some early online music start up or free Microsoft discs from a Vista promotion.  It’s not far fetched to believe that  some new start up is blowing their marketing wad to ride the wave of the latest ‘gotta-have-it’ item. But like they say “if it sounds too good to be true, then it probably is not”… And then multiply by 3.14 to take into account the Internet factor 🙂

Damn you, spammers! I think you may have found my weakness.

-b3nn

McAfee’s “Groundbreaking” Phishing Study

Recently, I came across a press release by McAfee citing the results of a “groundbreaking” study that talks about the psychological games played by phishers and email scam artists. The results of the study indicated that “cyber criminals use fear, greed and lust to methodically steal personal and proprietary financial information”. Frankly, I didn’t see anything groundbreaking in those results. Don’t we all know that social engineers (including phishers) have to play with people’s psyches to get them to click on links and submit personal information?

The study did however quote some interesting statistics from a 2006 Gartner study:

  • Cumulative loses stemming from phishing attacks rose to more than $2.8 billion in 2006 as compared to $137 million in 2004.
  • Number of US adults that received phishing emails doubled from 57 million in 2004 to 109 million in 2006.
  • The per-victim loss due to phishing increased almost five-fold from $257 in 2004 to $1,244 in 2006

These numbers beg the question – are we fighting phishing the right way?

-Rohyt