Some good examples of common styles of sms phishing. It's important everyone knows how these work because everyone is likely to get some. I know I do.
4 Common Phishing Lies Exposed https://securityboulevard.com/2019/04/4-common-phishing-lies-exposed/
@mzo You know that articles like this only make the phishers life easier, because then they only have to deal with really naive people, and don't get all those more tech savvy ones?
Those low-quality logos and typos in the message are there intentionally. Since once you reply, they need to talk to you at least semi-manually, they want only the most gullible users to respond.
@deshipu Yeah I'm aware of the whole typo thing to filter out smarter users. I don't think gullible is some kind of binary status of a person though so I don't see how it hurts to spread the information to those who don't normally read articles from those kinds of sites.
Confused on how the article makes their life easier though? Please elaborate!
@mzo Same way the typos do — by filtering out the people who are unlikely to fall for it in the end.
@deshipu Doesn't spreading the information in the article then reduce the # of people who will fall for it, thus reducing their overall success rate since its basically a numbers game?
I get that the people who read the article then are no longer "gullible" and in some ways save some time for the phishers by filtering them out however.
@mzo It doesn't, because the people who read such articles wouldn't fall for it in the first place — they would only waste the criminal's time by going through part of the process, until they figured out that something is wrong.
The people they target usually can't even read that well.
@deshipu I suppose either way one of us is making an assumption. I'm assuming that the spread of such information might be read by people who don't "usually" read such articles, and you're assuming that the phishing targets are too far gone to really be educated.
Either way, what would you recommend to reduce that style of phishing besides education?
@mzo Actually enforce the laws that forbid this kind of criminal activity and stop ignoring the reports just because they are difficult to track. Also make them easier to track by providing the tools and education to the authorities. Finally, stop blaming the victims by suggesting that it's their fault and they should get better educated. Most people don't care about or want this kind of "every stranger is your enemy" education and I think they are right about it.
@deshipu fair enough. All good points and I hope that at least the stuff about empowering and educating the authorities happens.
I don't think educating potential victims is necessarily blaming victims though as con artistry has a much longer history than just phishing so its just teaching manipulative concepts. Authorities generally only catch someone after they've gotten some victims first, and the more people that are educated the more people who can report these things before that happens.
@mzo This is a very difficult problem, and as is often the case, the short-term solution works against the long-term solution.
Compare this to street safety. You want your kid to be safe — so you tell them to not go out after dark. But then nobody gets out after dark, and the street really becomes the perfect place for the kind of shady characters that you wanted to protect your kids against. Your work to protect your kid makes the whole area less safe overall.
Tragedy of the commons.
@deshipu I'm sure it's not black and white in terms of a solution, but I don't think educating people about how criminals work contributes to the problem. In your analogy I'm not saying you'd be telling them not to go out, you'd be telling them what goes on at night so not only could they make their own decisions, but they would know what to look for and report so it doesn't become a hotbed of crime.
@mzo Fair enough.
@deshipu Either way I think you're viewpoint is interesting and worth thinking about. Would love to read any articles, papers, studies, etc on the subject from that perspective if you have any to share!
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either! We adhere to an adapted version of the TootCat Code of Conduct and have documented a list of blocked instances. Ash is the admin and is supported by Fuzzface, Brian!, and Daniel Glus as moderators. Hosting costs are largely covered by our generous supporters on Patreon – thanks for all the help!