Wednesday, August 23, 2006

red fish, blue fish, dumb phish

so the infosec buzz right now (among other things) is about how sophisticated online fraud attacks are getting. "vishing", blog-based enticements, IM enticements, and highly targeted attacks. i've heard some pretty good ones of late that target people who lost an ebay bid and get a follow-up message (supposedly from the seller) that alls they have to do is send them the $$$ and they'll send them the desired item as the original seller bailed out. clever.

well, my inbox tells a different story. stretching back to around the middle of last month i've been the recipient of routine, silly phishing attacks for 5th 3rd bank (where i do not bank). check out the screen cappie below, shows 14 since July 20th. each one has a wacky combo of words or excerpts from a story of some sort coupled with an image containing the enticement. check it out:

who in god's name would trust this and cough up their identity? do ppl really rush so fast to attachments that they don't read the message? i doubt it.

i would have more sympathy for someone who was suckered into helping general ungawa recover his 20 million from the nigerian government than the person that thought that just maybe their account really was suspended in a message that starts with the words "fishy gimp, pus gamy awe, slue bosh pax ...".

on the flip-side, phishing messages like this would provide an ingenious starting point for coming up with creative, new indie band names. think about it. "she wants revenge" and "clap your hands and say yeah" could have just as easily been "ramage bagpipe brokerage" if they had been cruising my spambox. has a nice ring to it eh? how about "pain roof opal" instead of "death cab for cutie"? maybe these guys missed their real calling...

Mai said...

ramage bagpipe brokerage! that's gotta be the greatest band name ever. maybe you could do some recruiting for prospective band members in dublin while you're there ; )