Needed: spellar and gramming lessons for phishermen



  • Fuck's sake.

    I honestly cannot understand why people fall for low-rent shit like this. I mean, I'm assuming that somebody does, or it wouldn't get sent... would it?



  • @flabdablet said:

    I'm assuming that somebody does, or it wouldn't get sent... would it?

    The cost of sending is just barely above 0 (the cost to set up split among each of the millions sent), so even if a hit is really rare it still will pay for itself pretty easily.



  • @flabdablet said:

    I mean, I'm assuming that somebody does, or it wouldn't get sent... would it?

    I've always assumed the same. Maybe someone who's English is the same quality might?



  • Aiming for someone accidentally clicking on it maybe (though based on the number of "watchout someone infected themselves again" emails I get from IT at work many of my coworkers click everything always)?



  • @flabdablet said:

    I honestly cannot understand why people fall for low-rent shit like this.

    I'm not sure about the virus senders, but for 419 scams I've read somewhere that it's a deliberate tactic. First, you only want to deal with gullible people who won't smell bullshit once you ask for money, and second, some of the spammers are apparently obfuscating stupidity, aiming for the "ha, ha, I'm so much smarter than that dumb Nigerian, I can totally con him out of his money!" reaction.



  • @loopback0 said:

    someone who's English

    I see what you did there.

    Not sure if it was on purpose :-)



  • @flabdablet said:

    Not sure if it was on purpose :smile:

    I'm going to claim it was :laughing:



  • @Maciejasjmj said:

    I'm not sure about the virus senders, but for 419 scams I've read somewhere that it's a deliberate tactic.

    That must be true:
    https://youtu.be/_Jih7Dts58c?t=744


  • BINNED

    @Maciejasjmj said:

    I'm not sure about the virus senders, but for 419 scams I've read somewhere that it's a deliberate tactic.

    It comes from a Microsoft research paper



  • @Maciejasjmj said:

    I'm not sure about the virus senders, but for 419 scams I've read somewhere that it's a deliberate tactic. First, you only want to deal with gullible people who won't smell bullshit once you ask for money

    All that a phishing email is after is people gullible enough to click through the bogus link to the bogus login page and enter their real username and password. So if there is a genuine considered motivation behind the execrable English in so many of these things, it must serve only to limit the number of people who actually get as far as clicking the link.

    The only good reason I can think of for deliberately biasing your link-clicking population toward the careless and unobservant is that these are the same people unlikely to notice that the page asking for their password is not their webmail provider's real login page. The only way that would be advantageous is if serving that page costs the scammer enough money to make it worthwhile maximizing the proportion of hits that result in collection of genuine passwords.

    I will often click through one of these links, using NoScript in a private browsing window so as not to end up with cooties, and attempt to log on as try@harder.cunt with a password of dumbfuck (I have a KeePass entry just for this). Costs mere seconds and cheers me up for minutes. But having now thought this through, I'm motivated to set up a bot that reads a list of phishing landing pages and just hammers them with repeated refresh fetches until they 404.


  • Winner of the 2016 Presidential Election

    @flabdablet said:

    a bot

    I think you got your pluralization wrong.

    We have Amazon AWS for a reason guys...


  • sockdevs

    @sloosecannon said:

    We have Amazon AWSZombie Botnets for a reason guys...

    FTFY



  • What's the going rate for processing power in a zombie botnet these days? How cost-effective are they compared to something like EC2 spot instances?


  • sockdevs

    @flabdablet said:

    What's the going rate for processing power in a zombie botnet these days?

    that depends, are you running one, or just buying time on one?

    @flabdablet said:

    How cost-effective are they compared to something like EC2 spot instances?
    if you're running one, surprisingly cost effective, until you get caught by the authorities.

    if you're buying time on one, about even, unless you get caught by the authorities.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.