Why phishing works? (Was: Re: [LINK] Harvard arts-science requires open-access publishing)

[Adam Todd]

At 16:57 16/02/2008, rchirgwin at ozemail.com.au wrote:
>So anything purporting to be from "St George Bank" is bogus, because 
>I never signed on for e-mail from St George Bank. I don't need to 
>stop and think, or look for clues. And I don't seem to have lost any 
>convenience by staying out of the e-mail loop with my bank.


Boy have they been coming in!  I have about 40 in my spam quarantine 
and who knows how many have been bounced.

Now no bank is oging to send 20 or 30 messages a DAY to a user so 
unless they are collecting their email by the minute (and even then, 
the chances of getting two or more of these Sta George ones in a 5 
min period is quite high) people would have to be stupid.

More stupidly, I don't have a St George account, so that's the 
easiest "no brainier" that exists.

I am tempted to set up a phishing responder that replies endlessly to 
phishing spam with bogus email and password details.

It might even save someone from having their bank account drained, 
but then - what do I get out of this community service?  So why bother huh.



The brings be back to "Your name, your date of birth and your 
address" as a means of security.

My goodness!  How many people have that data on their databases?  How 
many people know these details anyway - parents, partners, ex partners ....

It's about time people woke up to the fact that once you give the 
unique information to one person, that's it for being useful as a 
means of security or privacy.