
Chapter 2

There are several different definitions of spam. I go with “unsolicited bulk email.” Another definition, “unsolicited commercial email,” is popular, but a lot of spam doesn’t have any true commercial purpose. It can be virus spam, social-engineering tricks to drive traffic to dodgy websites, or email fraud such as the famous Nigerian scam. Even the ones that seem obviously commercial—such as offers of prescription drugs or body enhancements—may not have a real business behind them but are simply scams to get your money or identity through your order. One-off unsolicited commercial emails, while annoying and rude, are not the problem that real spam is. Real spam is sent to zillions of users and has more far-reaching consequences.

One of the consequences of spam is its effect on network bandwidth. Those of us who pay for time or bitrate must pay to download the things; everyone else waits for those spammy attachments. Add up how long you wait for the spam to download and multiply it by your hourly rate—even if you’re not paying your ISP for the time, you are paying for it. Another consequence of spam is that ISPs implement filtering software that may trap legitimate messages without any recourse for users. And the spam in your inbox makes dealing with email a trial. If you’re not using a filter, you get spam, spam, spam, and a side of spam every day. (And if you don’t get the Monty Python reference, consider yourself fortunate. I had the spam song stuck in my head for days while writing this chapter.) Even the best spam filter can mess up, and that includes someone hand-sorting her own email. It’s easy to press Delete one too many times.

NIGERIAN 419 SCAMS

Nigerian scams, also called 419 scams, are a popular fraudulent activity that has been going on since the 1910s. Many of them come from Nigeria, and it’s Section 419 of the Nigerian criminal code that these letters and emails violate.

A typical scam letter purportedly comes from a former African dictator, his wife, his children, a charitable ministry, or some other source that one could presume has a lot of money. War in the country or regime change has caused him to flee, and he needs a solid, upstanding, honest citizen of a Western nation to help him retrieve his money. If you would just provide your bank information, he will wire all this money into your account; you are to send it on, keeping back a commission for yourself. To prove your worthiness, you should wire $50,000 to him immediately. The letters are written in flowery, rather pretentious language that appeals equally to your greed and vanity.

People fall for this. Horrifyingly enough, people die for this; at least we presume so, as they go to Nigeria (or whatever country) to claim their funds and never return.

Others make a hobby of replying to the scammers and stringing them along in return. Some have even managed to get the scammers to give them money.

Scambaiting, as it’s called, is amusing and probably not dangerous, but I recommend against cashing any checks you may receive.

Any time someone important in a third-world country dies, Nigerian letters begin making the rounds. Within a day of Yasir Arafat’s death, letters claiming to be from his wife, Suha, began arriving in people’s inboxes.

Is this phishing? By my definition, yes. Because it’s so old, however, it’s not something I’m going to concentrate on in this book.

If something seems too good to be true, it probably is.

Bulk Mail

Because phishing emails are spam, there can be millions of instances of a single message. So many are sent that it doesn’t matter if most of the recipients aren’t actually members of, say, Piggy Bank. Some of them will be—especially if you’re spoofing the large national financial institutions or carefully targeting local ISPs with their local banks. Table 2-1 shows an imaginary breakdown of a phishing email.

In this example, only one-hundredth of 1% of recipients (100 out of a million) fall for the email. But if each victim has a bank account with $1,000 in it and a credit card with a $2,000 limit, the phisher could make up to $300,000. And that’s just draining the accounts at the bank—a lot more can be made with outright identity theft.

These numbers are all made up. Different phishing spams have different initial volumes; different mailing lists may have different rates of filtering. Depending on how well crafted the messages are, some may be more filtered than others. Some institutions have more customers than others. For this example, I assumed that 1% of the emails were sent to actual customers, and that half of those were filtered out. When 10% of the population can belong to a major bank, those numbers in reality can be very different.

Table 2-1 Breakdown of a Phishing Email

Disposition of Email                    Number       Percentage of Total
Total people spammed                    1,000,000    100%
Number of spams not filtered              500,000    50%
Number of customers receiving spam          5,000    0.5%
Deleted unread                              2,500    0.25%
Read and ignored                            2,400    0.24%
Read and obeyed                               100    0.01%


I also suspect that my numbers for deleted unread and read and ignored are pretty conservative. Gartner estimates that 3–5% of phishing spams are answered. Even more depressing, Mailfrontier conducted a survey where adults in the U.S. evaluated emails to determine if they were fraudulent. The error rate was 28%. When the test was put online, the error rate held at about 30%. This is not perfectly representative—for example, it doesn’t take into account the fact that you probably won’t have an account at all those institutions, so you would be able to filter for those you actually have accounts with—but it does show how good phishing emails can be.
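The arithmetic behind Table 2-1, and the effect of swapping in Gartner's response figure, written out as a small Python funnel model. This is an added example, not code from the book: the `Funnel` type and `model_campaign` are names introduced here, and applying Gartner's 3–5% to the customers actually reached is an assumption, since the chapter does not say what base Gartner measured against.

```python
"""Funnel model for the bulk-phishing economics behind Table 2-1.

Added example, not part of the book. It encodes only the chapter's own
made-up assumptions: 1,000,000 emails, half stopped by filters, 1% of the
list being real customers, half of those deleting unread, and 100 victims
each worth $3,000 ($1,000 bank balance plus a $2,000 credit line).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Funnel:
    """Disposition counts for one campaign, one field per table row."""
    sent: int
    delivered: int        # spams that got past filtering
    customers: int        # delivered to actual customers of the spoofed institution
    deleted_unread: int
    read_ignored: int
    obeyed: int           # the victims

    def loot(self, per_victim: float) -> float:
        """Upper bound on direct takings, before any identity-theft follow-on."""
        return self.obeyed * per_victim

    def rows(self):
        """Table 2-1 layout: (label, count, percentage of total sent)."""
        labels = [
            ("Total people spammed", self.sent),
            ("Number of spams not filtered", self.delivered),
            ("Number of customers receiving spam", self.customers),
            ("Deleted unread", self.deleted_unread),
            ("Read and ignored", self.read_ignored),
            ("Read and obeyed", self.obeyed),
        ]
        return [(label, n, round(100.0 * n / self.sent, 2)) for label, n in labels]


def model_campaign(sent: int, filter_rate: float, customer_rate: float,
                   open_rate: float, response_rate: float) -> Funnel:
    """Walk the funnel from the top.

    filter_rate    fraction of all spam stopped by ISP or user filters
    customer_rate  fraction of the mailing list that really banks there
    open_rate      fraction of reached customers who read the email
    response_rate  fraction of reached customers who read it AND obey it
                   (so response_rate <= open_rate)
    """
    if not 0.0 <= response_rate <= open_rate <= 1.0:
        raise ValueError("response_rate must not exceed open_rate")
    delivered = round(sent * (1.0 - filter_rate))
    customers = round(delivered * customer_rate)
    read = round(customers * open_rate)
    obeyed = round(customers * response_rate)
    return Funnel(sent, delivered, customers,
                  deleted_unread=customers - read,
                  read_ignored=read - obeyed,
                  obeyed=obeyed)


# The chapter's Table 2-1: 0.01% of everyone spammed, i.e. 2% of customers reached.
TABLE_2_1 = model_campaign(1_000_000, filter_rate=0.5, customer_rate=0.01,
                           open_rate=0.5, response_rate=0.02)

# Same campaign, assuming Gartner's 3-5% response figure applies to the
# customers reached. The chapter does not say what base Gartner used, so
# this is an illustrative assumption, taking the 4% midpoint.
GARTNER_MIDPOINT = model_campaign(1_000_000, filter_rate=0.5, customer_rate=0.01,
                                  open_rate=0.5, response_rate=0.04)

if __name__ == "__main__":
    for name, funnel in (("Table 2-1", TABLE_2_1), ("Gartner 4%", GARTNER_MIDPOINT)):
        print(name)
        for label, count, pct in funnel.rows():
            print(f"  {label:<36}{count:>10,}{pct:>8}%")
        print(f"  Direct loot at $3,000 per victim: ${funnel.loot(3_000):,.0f}\n")
```

Only the response rate and the size of the mailing list really move the bottom line; filtering half the mail merely halves the take, which is why a phisher who can send a million messages does not care that most recipients have never heard of Piggy Bank.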