Skip to content
Welcome guest. | Register | Login | Add
About | Wiki | Legacy

How phishing scams show the need to evolve with technology

Just as we may talk about the dangers of future technologies when they are put to some negative uses we can talk about the internet as a present and still largely evolving technology and dangers its negative uses pose to other people.

Just as there are movies depicting a future world of highly sophisticated intelligent robots that rebelled against humanity, genetically engineered super humans bringing down tyranny against their inferiors, biological warfare via highly effective engineered viruses and so on there could have been movies in the past depicting a "future" in which internet is used by sophisticated tech-savvy tricksters to get access to people's bank accounts and expensive private data.

That future, of course, is here and we call this practice as "phishing scams":

Quote:

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Just in my email inbox alone I've been getting a lot of pretty tricky messages claiming to be from such sites as paypal, ebay, google adsense and so on. Not only do phishing scammers make the destination site look exactly the same, but they sometimes make even the URL look so similar that unless you take a careful look at it you may easily be fooled to think it's the real deal. They will register a domain name with an obscure extension, something like paypal.cc or they will arrange a subdomain that will make the URL look like it comes from PayPal where you literally have to know where the dot should be to know it's not a legitimate URL.

For example I could set up a subdomain that looks like this: www.paypal.com.libervis.com and put an exact copy of the PayPal site and login form there so it looks completely legit. I could perhaps even get an SSL certificate so as to make the page "secure" (therefore putting the lock in the user's browser). The receiver of my email would see that the address starts with www.paypal.com and unless he reads any further (to spot the dot and realize the actual top level domain is libervis.com) he would click the link thinking it's really from PayPal, thus giving me his real PayPal username and password and access to all money he holds in it.

Five million people in US lost an average of $351 to phishing scams, which is 1.75 billion dollars, and scammers are getting better at it. (Source: SC Magazine (quoting Gartner)). Fortunately, people are finally catching on and as you can read in the linked article there is some reason for optimism.

The reason I talk about phishing scams is to illustrate a larger point pertaining to our relationship with technology. As new technologies come by they typically bring with them enormous potential in both positive and negative terms. The power of technology can be used for both good and bad. How it is going to be used and how effectively is going to directly depend on the prevalent mentality and habits of the individuals.

This means that new - and as the case of phishing scams illustrates - existing technologies essentially require the human individuals to evolve at the same pace as the technology they use evolves. Otherwise there is going to be trouble.

In order to truly defeat phishing scams, for instance, what is necessary is for them to become completely ineffective. For this to happen these five million people (in US alone) need to become completely resilient against them. Specifically, when it comes to phishing, what is fundamentally required is for individuals to be more critical of what they are reading, more investigative and less trusting. They need to learn to be more responsible with their use of email and the web sites whose users are the target of phishing scams.

This may seem utopian, but imagine if people weren't so easily fooled to begin with. Imagine if they fostered the mentality of hightened responsibility and critical examination of other people's claims before internet became as widespread to begin with. It's reasonable to assume that phishing would be far less of a problem.

That said, it may seem that I'm using a rather trivial example to back up such a high expectation and you might be right, especially if you consider the losses due to phishing scams "trivial". Eye But I chose this example because it is so close to home. Pretty much everyone who uses email has encountered phishing scams and had to go through this little "evolution" process in order to be resilient to them. As time goes by it's possible phishing will become completely ineffective as people essentially become immune to such low brow attempts to scam them out of their money.

However once we've established the basic problem at this level we could up the ante and talk about something like nuclear technology and the apparent failure of humanity to NOT foster the kind of attitude that led to its destructive use on Hiroshima and Nagasaki and to NOT foster the kind of mentality that led to the cold war and nuclear armaments build up. It is again the problem of technology coming into the hands of the users who aren't quite evolved enough to use it in non-destructive ways.

This problem is one of the most basic subjects that we explore on this site and there is a lot to be said on it, as will be, in future articles.