Gone phishing

Gone phishing

A recent experiment in ‘phishing’ tricked a surprisingly large number of people. You wouldn’t catch Kipp falling for such a simple scam.

June 27, 2010 12:46 by Samuel Potter

It was a quite unexpected result. When a team at the American University of Sharjah (AUS) ran an experiment to see which of their colleagues would fall for an internet scam, they can hardly have predicted that almost one in 10 would be tricked.

A computer engineering professor and three students used fake email addresses and websites to pose as banks to persuade people to divulge information, a process known in the industry as “phishing.”

First, potential victims were asked to change their log-on passwords, and then to reveal various personal details. Out of 10,000 internet users, 954 fell for the first trick and more than 200 the second.

You would never catch Kipp falling for such a simple scam. We keep our bank account number, 016-8890-0022, strictly to ourselves. And our pin, 110068, could never be guessed. Answers to our security questions, such as “What was your first pet called?” (Tyson) are closely guarded secrets.

Now, Kipp knows what you are thinking: How can we possibly remember all that information? Simple, we keep it all written down, along with our credit card numbers, expiry dates, and security numbers, on a yellow piece of paper we keep in the top draw of our desk at the office. To be extra safe, we lock it most evenings with a key we keep well hidden under our PC monitor. Plus who could get into the office? The pin code, 1397 #, is only known to people that work here. It’s a good job, as the office is deserted from 7pm until 7am, and there are no security cameras whatsoever.

Those who fell for the AUS scam could learn a lot from us. Just as well, then, that most of them were students.

Aren’t the younger generation supposed to know better than that?