Sep 09 2009
I’ve taken the SonicWall phishing quiz, or at least one very like it, at least once a year for the last few years. It’s a fun test of your ability to recognize a phish at a glance, but the reality is that it’s more depressing than fun. After a few examples you start to realize exactly how hard it really is to recognize a well-done phishing attempt. And if security professionals have a hard time recognizing phishing attempts, what’s it like for our parents and non-geek friends?
This is the really scary thing about phishing to me: if I can’t easily recognize a phish, and all the filters I use are having a harder and harder time sifting the good email from the bad, how long is it before we have to throw up our hands and declare the bad guys the winners? I’ve read reports that state anywhere between 75% and 95% of all email on the Internet is actually spam these days, even though the numbers are apparently a bit down over the last month or two. How long can we sustain a minimum level of usability under those conditions? I know that some non-geek members of my family are already stepping back from email simply because of the spam, so I’m sure there are others out there.
By the way, I scored 10/10. How’d you do?