I had a legitimate request to re-enter some credit card details the other day and still I hesitated. We are so used to these so-called phishing spam scams. So many of the details were legit – it was for an online backup service that I do use, that was the name of the machine that backs up to it, that was the right renewal date and the expired credit card number was correct – that I didn’t just chuck the email away. But I also didn’t click on it: I separately went to the online backup company’s website, logged in there and checked the details.
But apparently that’s unusual. And so unusual that I can’t brag about it: the odds are that I’ve been fooled by scams before and will again. Seriously. You get these stupid spam messages and you wonder how anyone can be taken in by them. Intellectually you realise they must be because the spam keeps coming, it must be worth the spammers’ time, but you will be head-jerk-backed shocked at how effective those emails are at getting people’s details out of them:
Even on the worst-performing phishing websites, 3 percent of users still submitted their data. On the most effective phishing sites, as many as 45 percent did.
Google notes in its write-up that this is big business for scammers, as one attacker can be responsible for millions of phishing emails.
Once a hacker is able to access someone’s account, they spend an average of three minutes figuring out how much it’s worth, and will apparently move on if the account doesn’t seem valuable enough. According to the study, hackers use Gmail’s own search function to figure out if an account is worth their time, looking for terms like “wire transfer” and “bank.”
What happens next probably won’t surprise you: The hacker tries to get money from an account’s contact list. They send emails to the person’s friends, family and colleagues with fake stories like “we were mugged last night in an alley” in the hopes of getting them to send cash.
Read the full piece for more details and some advice about stopping being scammed. Mind you, if you’re reading this and you also click through to read that, you’re probably more aware of the issue than most people. And being aware is a key protection.