Why phishing works? (Was: Re: [LINK] Harvard arts-science requires open-access publishing)

rchirgwin at ozemail.com.au rchirgwin at ozemail.com.au
Sat Feb 16 16:57:04 EST 2008

Marghanita, your mention of the Harvard study was timely, considering 
the unbelievably inept phishing message I received this morning. More on 
that later.

The Harvard study ignores a key reason that phishing "works": because 
institutions such as banks try to habituate users to dealing via e-mail. 
I still get nags at my Internet login to provide my e-mail address to my 
bank. Telstra still tries to ask me to sign on for e-mail billing at any 

So anything purporting to be from "St George Bank" is bogus, because I 
never signed on for e-mail from St George Bank. I don't need to stop and 
think, or look for clues. And I don't seem to have lost any convenience 
by staying out of the e-mail loop with my bank.

Back to the inept phish. The whole thing is below my signature; but the 
items that made me laugh are quickly summarised:

1) The HTML is so bad that the message collapsed in a heap of incoherent 
text and tags.
2) The message loads images from Chase Bank as well as St George; the 
authors seem to be working to a template that they were too lazy to edit 
3) The English is purely dreadful. It threatens, for example, a 
"temporal hold" on my account.

The whole text is below my sig, for those who like to laugh at the 
incapacity of idiots... This one came from the .tw domain, which I 
suppose is a change from somewhere in Russia.

Richard C

Content-Type: text/html

Content-Transfer-Encoding: 8bit

<html><head><style type="text/css"><!--

blockquote, dl, ul, ol, li { padding-top: 0 ; 

padding-bottom: 0 }

--></style><title>Nationwide Online Banking Security Update 



type="cite" cite><img


<br >


face="Verdana" size="-1">

<b style='mso-bidi-font-weight:normal'><span


;font-family:Verdana;color:#000099'> Unauthorized Internet Banking  Access 


</span></b><span style='font-size:  






style='font-size: 9.0pt ;font-family:Verdana;color:'> 

<br><br><span style='font-size:  9.0pt 


Dear St.George Customer,<br><br> 

Due to multiple login attempt error on your online account,we have 

temporaly suspended your access to online banking and services.

<br> <br> 

To ensure your identity and your internet banking 

account is secured,Upgrade and Update your NetBank Account now to enjoy the 

benefits of online banking with 

St.George Bank Limited.<br> 






Click Here]  </a> to procceed.


Security Advisory,


St.George Internet Banking 





Please update your records on or before 48 hours, a failure to update 

your records will result in a temporal hold on your account  

 - it's one more way that St.George Internet Banking makes your online 

banking experience 

better..<br><br>©2008 St.George Bank Limited. ABN 44 123 123 124.

<html><head><style type="text/css"><!--  

blockquote, dl, ul, ol, li { padding-top: 0 ; 

padding-bottom: 0 }--></style><title>Security Update 


type="cite" cite><img  

src="http://www.chase.com/ccpmweb/shared/image/guaranteelogo.gif"><br><br > 
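
Added example, not part of the original post: the template mismatch Richard describes (a "Nationwide" title, a "St.George" greeting and an image pulled from chase.com) can be checked mechanically. The brand table, the function names and the sample message are assumptions constructed for this sketch; `host.example` is a placeholder.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed brand table (not from the post): name pattern -> token expected in its hosts.
BRANDS = {
    "St.George": (re.compile(r"st\.?\s?george", re.I), "stgeorge"),
    "Chase": (re.compile(r"\bchase\b", re.I), "chase"),
    "Nationwide": (re.compile(r"\bnationwide\b", re.I), "nationwide"),
}
# Constructed sample modelled on the quoted message; host.example is a placeholder.
SAMPLE = """<html><head><style type="text/css"><!-- li { padding-top: 0 } --></style>
<title>Nationwide Online Banking Security Update</title></head><body>
<img src="http://www.chase.com/ccpmweb/shared/image/guaranteelogo.gif">
<p>Dear St.George Customer,</p>
<p><a href="http://host.example/update">Click Here</a> to procceed.</p></body></html>"""

class Collector(HTMLParser):
    """Collects <title> text, visible body text and the hosts of src/href URLs."""
    def __init__(self):
        super().__init__()
        self.title, self.text, self.hosts = [], [], []
        self.in_title = self.skip = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self.in_title = True
        if tag in ("style", "script"):
            self.skip = True          # CSS/JS is not visible text
        for name, value in attrs:
            host = urlparse(value or "").hostname if name in ("src", "href") else None
            if host:
                self.hosts.append(host)

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False
        if tag in ("style", "script"):
            self.skip = False

    def handle_data(self, data):
        if not self.skip:
            (self.title if self.in_title else self.text).append(data)

def brand_report(html):
    """Report which brands the title, body and remote hosts each point to."""
    c = Collector(); c.feed(html); c.close()
    named = lambda s: {b for b, (rx, _) in BRANDS.items() if rx.search(s)}
    title, body = named(" ".join(c.title)), named(" ".join(c.text))
    hosted = {b for b, (_, tok) in BRANDS.items() if any(tok in h for h in c.hosts)}
    foreign = sorted(h for h in c.hosts if not any(BRANDS[b][1] in h for b in body))
    return {"title_brands": title, "body_brands": body, "host_brands": hosted,
            "title_mismatch": bool(title and body) and title.isdisjoint(body),
            "foreign_hosts": foreign}
```

The substring match on host names is a simplification; a production filter would compare each host against a list of the domains the brand actually uses, since a lookalike host can contain the brand token.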
