Email Users Incompetent At Spying Out Scams

We saw this great post indicating exactly how clueless the average person is when trying to detect spam or phishing schemes in their in-box. The blogger launched a site called SpamorHam.org to see how savvy Internet users were across the board when trying to detect email fraud. Unfortunately, users of the site are failing the test at overwhelming rates.

Here’s one that the average user doesn’t think is a fraud attempt, for example:

I get about a hundred of these in my inbox a day. There are some criticisms we could level at the site’s methodology: to be honest, the only way we really know some emails are actually scams (we get paid by PayPal, for example, and some of those fake messages are extremely good forgeries) is by hovering over the links and carefully identifying where they lead. That may still be a bit savvier than the average email user, but SpamorHam.org doesn’t let you figure out where links lead intuitively: it gives a raw output of HTML, but most people don’t know how to read it. Text alone really isn’t enough anymore to detect phishing scams, if it ever was.


There’s one born every minute: spam and phishing
[JGC.org]

Comments

  1. It’s not too difficult to tell the difference between the spam and ham that SpamorHam.org is presenting to me at the moment – the spam looks like spam, and _all_ of the ham is from, and to, people working at Enron a few years ago.

    Which is kind of freaky.