re-posted from The Informant, the blog of the National White Collar Crime Center
In recent years, a large number of computer users have wised up to the cons and come-ons of Internet thieves. Most recognize the “we’ve found a problem with your bank account” and “you’ve won the lottery” ploys as standard tools of the criminal trade. The “Danger” sign went up and people knew to stay away. But a surprising number still haven’t gotten the message.
While it’s impossible to know just how many phishing emails are successful, a published report puts the number at between 1 and 5%. That may not sound like a lot but when you consider the tens of thousands of spam emails that constitute a typical phishing campaign, the success rate is staggering.
Phishers have learned to adapt to the ever-changing Internet landscape. In addition to making their products increasingly more sophisticated, they “personalize” their emails using social engineering techniques. By adding the recipient's name, professional affiliations and other personal information (most of which is available via open searches), phishers can disarm otherwise savvy consumers and trick them into providing their personally identifiable information (PII). That veil of legitimacy is the scammer’s secret weapon. Without it, most people would probably just reach for the delete key.
This is why we at Scam Victims United always tell people that if you get an email that says it is from a company that you do business with, call that business through their customer service number, which can be found on a statement or bill that you have from them . . . don't click on the link in the email.