The secret of phishers' success

Three American scholars have published the results of a study on why phishers continue to succeed despite repeated warnings issued over the years.

Most people have received a fake email, sent in the name of a bank or online service, asking them to provide personal financial details. In some cases the fake email claims to come from a bank or service provider of which the recipient really is a customer. But in both cases, users still know that they must be really careful.

To produce the 'Why Phishing Works' report, three scholars (Rachna Dhamija of Harvard University, and Marti Hearst and JD Tygar of the University of California) conducted a survey of a small group of users. They found that up to 90% of users cannot identify phishing emails by judging how trustworthy they appear.

And even if e-commerce organizations or online banks can make good the damage that online fraud has caused their customers, a large number of users still cannot tell which emails are reliable. This can cause users to turn away from online services.

The scholars give the example of a fraudulent Western Bank email. This email redirects recipients to the phishing site www.bankofthevvest.com (notice that the domain name has two 'v' characters instead of a 'w'), which imitates a security lock in the page content, a forged VeriSign logo, an authentication seal and even a pop-up security warning for users. As many as 91% of the participants in the scholars' survey believed this was a legitimate email.

In contrast, an authentic email sent from E*Trade redirected users to a legitimate, highly secure website with a simple, graphics-free interface optimized for mobile web browsers, yet 77% of users thought this was a fake email.

One reason users continue to be cheated by online fraudsters may be that so many simple, even silly, tricks are enough to make a deadly trap. Nearly a quarter of the people who participated in the survey did not look at the address bar, status bar, or security messages on phishing sites.

That is why they easily become targets for online scammers using tricks such as links that differ from the legitimate address by exactly one character, for example the letter 'l' replaced by the digit '1' or even the capital letter 'I'.

Put simply, 'Why Phishing Works' asserts that users do not know much about domain syntax. The user may think that the domain name www.ebay-members-security.com belongs to www.ebay.com. Or sometimes users see the lock icon in the corner of the browser and take it as a guarantee of security. But users do not know that those icons can easily be included in the websites themselves. This is an example of online fraud tricks.
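The look-alike tricks described in the two paragraphs above ('vv' for 'w', 'l'/'1'/'I' swaps, and a brand name placed inside an unrelated domain) can be checked mechanically on the defender's side. The following is an added example, not code from the report; the allow-list, the function names and the `mail-portal.example` sample are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: registrable domains the defender trusts (constructed allow-list).
TRUSTED = {"bankofthewest.com", "ebay.com"}

def skeleton(name: str) -> str:
    """Fold the look-alikes the article names ('vv' for 'w'; 'l', '1', 'I'),
    plus '0'/'o', so that visually similar names compare equal."""
    folded = name.lower().replace("vv", "w")
    return folded.translate(str.maketrans("1i0", "llo"))

def registrable(host: str) -> str:
    """Simplification: treat the last two labels as the registrable domain.
    Production code should consult the Public Suffix List instead."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def classify(url: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike:<d>', 'embeds-brand:<d>' or 'unknown'."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    reg = registrable(host)
    if reg in trusted:
        return "trusted"  # exact registrable-domain match, subdomains included
    for good in sorted(trusted):
        # Same appearance after folding, but not the same domain.
        if skeleton(reg) == skeleton(good):
            return f"lookalike:{good}"
    for good in sorted(trusted):
        # Brand label used as a '.'- or '-'-delimited token of another domain.
        brand = re.escape(skeleton(good.split(".")[0]))
        if re.search(rf"(^|[.-]){brand}([.-]|$)", skeleton(host)):
            return f"embeds-brand:{good}"
    return "unknown"

if __name__ == "__main__":
    # Sample links: the first two appear in the article, the rest are constructed.
    for link in ("http://www.bankofthevvest.com/",
                 "www.ebay-members-security.com",
                 "https://signin.ebay.com/ws",
                 "https://news.example.org/"):
        print(f"{link:40} {classify(link)}")
```

A 'trusted' result only means the registrable domain is on the allow-list; it says nothing about the page content or the lock icon.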

Speaking at the Online Crime Conference held in London last week, Bernhard Otupal, a high-tech crime investigator at Interpol, said users were not only unable to detect these forms of fraud but sometimes even made things easier for cyber criminals through an amazing level of indifference.

'What is needed here is the responsibility of the user,' Otupal said. 'Recently a large number of users have become victims of a phishing attack from a well-known bank. Even users who are not customers of that bank are tricked into providing financial details.'

The report 'Why Phishing Works' shows that the scholars found no age-related differences among victims of online scams. However, a number of separate studies have come to the opposite conclusion.

When asked whether the risks of cybercrime had made them more careful, only 58% of users aged 18 to 29 answered yes, while the figure for people over 50 giving the same answer was 79%.

Similarly, 80% of young users say they often decide who to work with based on their security, while among older people the figure reaches 93%.

Hoang Dung