Can You Spot The Phish Attack?
11/29/2005 – 12:40 amCan You Spot The Phish Attack?
According to data from e-mail security firm MailFrontier, only 4 percent of users can spot a phished e-mail 100 percent of the time. That’s a very sobering thought as the holiday season is upon us and Americans flock online for their shopping needs.
I just took the survey and can certainly see why only 4% of the people scored 100%.
Question 9 is very misleading. They claim that it’s a legit email from Capital One, yet their own screenshot displays a hover url of “http://capitalone.bfi0.com/TR5711904A7DB234A341155000″.
Why would Capital One use bfi0.com to send out statement emails?
bfi0.com is registered to a company in New York called: “Interactive Inc., Bigfoot” and has no obvious tie to Capital One. Navigating to bfi0.com and capitalone.bfi0.com both return an empty page.
2 Responses to “Can You Spot The Phish Attack?”
The entire test is a little misleading. The instructions read “If you received one of these emails in your inbox - what would you do?” I can easily rule out 80% of the suspect e-mail I receive simply because I never do business with those companies. Additionally, the companies I do do business with, I know what their e-mails look like (for example PayPal always addresses e-mails to me by name) so there is another easy step I can take in determining the legitimacy of an e-mail *I* receive.
It is another thing entirely to identify the legitimacy of a message being sent to someone else…
By Ken on Nov 29, 2005
Very true.
I frequently receive statement or cancel notices for accounts that I’ve never had. The latest was regarding “your account at LaSalle bank”. I’ve never done any business with LaSalle bank and can immediately discount it as a phishing scam. I’ve also seen some for places like the Seattle Area Credit Union and other regional institutions. Evidently the larger bank customers are catching on and they’re targeting smaller, possibly less aware, markets.
By Anton on Nov 29, 2005