« Timing and persuasion | Main | Every morning this week »
July 29, 2004
E-mail Scams
As seen on Slashdot, a study found that fake e-mails asking for personal information fool users 28% of the time. These scams, called "phishing," usually take the form of a Bank or web commerce site asking you to confirm your account information, sometimes including your password, credit card numbers, and other such sensitive information. In the past, these e-mails were easy to spot: unprofessional-looking, typos everywhere, etc. But now, the phishers have gotten smarter, so we need to be on the lookout. Can you spot a phisher's e-mail? The publishers of the test set up a web page to test surfers' ability to spot the fakes. I'll admit it, I didn't score 100% on the test. In my defense, though, I wouldn't have been persuaded into giving up my account information. I'm extremely careful about giving a webpage that sort of information, since I know how insecure these pages can be. The test also took away my first two lines of defense: First, I always check to see where the links go. Even though they claim to be a CitiBank link, if the page goes off to a suspicious web page (or the link is a button so I can't see where goes), I'm on the alert. In fact, many companies, in light of these phisher techniques, will not include links in their e-mails now -- instead, their e-mails just contain instructions on how to update your account from their web page. Second, there were no e-mail headers. I use these to check out just who the e-mail is actually coming from. Even though the "from" field may say "security@ebay.com," the headers will let you know if the e-mail is really coming from somewhere illegitimate. So, in conclusion, be wary! As persuasive as these e-mails are, maintaining some suspicion will do you well.Posted by at July 29, 2004 04:13 PM
Trackback Pings
TrackBack URL for this entry:
http://credibility.stanford.edu/captology/mt/mt-tb.cgi/125