[Tfug] [OT] Stupidity of phishing victims

Paul Lemmons paul at lemmons.name
Sat May 3 16:18:51 MST 2008 

Choprboy wrote:
> OK... so this is more of a vent than anything else... I can not believe the 
> stupidity of people who fall for phishing scams. I just received another one, 
> so I did my usual examination of the compromised server. Typical decimal IP 
> address substitution to a compromised server running on a non-standard port, 
> ie. "Please update your details here":
> http://1234567890:82/login/scam.php
>
> In this case though, unlike many where the captured details are forwarded 
> directly to a Hotmail/Gmail account, the details are being written directly 
> to a local filre on the server. This of course means that the results can 
> easily be viewed. A few hours after the email went out, 29 morons have 
> submitted the full name, email address, Paypal password, and credit cards 
> details with CVV and expiration. 7 captures of people entring obviously 
> invalid data/cursing the fraudster, etc. Talked about a criminals wet dream, 
> is it really this easy? How can people be so flipp'n stupid????
>
> Adrian
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>   
I agree, scams are pretty easy to identify by folks that use computer on 
a regular basis. To some, though, anything from a computer, especially 
if it has trustworthy names associated with it, is accepted as truth. I 
remember in high school. If I was going to be late for a class I would 
print a hall-pass on the computer. Never, not even once, was it denied 
or questioned. Even though they had never seen anything like it before.

We can see the scams because we know what to look for and we understand 
the system. I would be curious what percentage of the educated 
population could define these terms from the note above:

compromised server
decimal 
IP 
address substitution 
server 
running 
non-standard port
port 
local file
captured details
file


Stupid would be defined by knowing better and doing it anyway. I think 
these folks are just plain ignorant. Stupid, will always be stupid. 
Ignorance, though, is treatable.

More information about the tfug mailing list