Hello,
I am Mr. Engmabork from the United Falscharsch bank in Switzerland. We recently found that you are the recipient of funds left in inheritance by an ancestor. We owe you (with principle and interest) a sum of $5,230,193.02.
To claim your right to these funds, please send us your current address, maiden name, checking account number, and social security number so we can verify your identity and wire the money to your account.
Thank You, Mr. Engmabork
Scams like this have been around for a while, and the vast majority of folk are smart enough to ignore these illicit attempts at information retrieval. Though they have worked in the past, common sense often comes into play and inhibitions prevent us from revealing data that can compromise identities.
Even phishing emails are usually identified by most as fradulent; in fact, most email filters now automatically move these scams to a special folder. But not all phishing is as black and white and as one might think.
I'm going to attempt to classify a few types of phishing from obvious to convincing. I'm only going to look at the voluntary distribution of personal data, so I'll be ignoring those that are a breach of physical security (unlocked computer) or malware/virus retrieval of data.
Chain Mail
There was once a time where you had to ask whether not a person has an email address. Now you just assume they do. A staggering majority of Americans have at least one email account, but back in yesteryear (antiquity, some might call it), phishing was still fairly common. At one point, email would circulate asking you to add some information to the letter or some poor girl with a disease would not survive. Why wouldn't you? It would be heartless not to; what harm could it do? You're then supposed to send that email to everyone you know, including the person who sent it to you. That information, no matter how small, is now distributed to broad range of strangers. All it takes is six degrees to reach everyone in the world.
Rating: obvious and relatively harmless. Oftentimes, you won't be putting your email password in the chain mail to circulate.
Business Impersonation
Another phishing scam is where an email is sent to you as if it were from a reputable company with which you subscribe. Often times, like the email to the right, it will describe some action required from a user in order to prevent charges/closing/reprimand of the account. Of course, the email will provide links so you have easy access to the website. Once there, you sign in... only you haven't noticed that the link was to a private website built to resemble that company's website, and you just entered your credentials into a phisher's trap.
Rating: fairly convincing. If you passed on your credentials to a bank website, serious damage could be done.
Social Phishing
My third example includes two very genius phishing attempts. Even I almost fell for one. Both of these statuses came from Facebook and ask for interaction with friends that you know. It's fun!
The first status had fill in the blanks that asked friends to show how much they know about you. Details included age, favorite color, pets, parents, etc. I figure any friend can get at least half correct in any attempt.
The second, and more grievous of the two, is a reference to the royal wedding in England. Oh, how quaint. In this game, you're supposed to post your royal name: something along the lines of Lord Michael Rufus-Denis. The first name is supposed to be the name of a grandparent. The surname is supposed to be your first pet hyphenated with the street you grew up on.
Do any of these "blanks" or "names" sound familiar? You guessed it. In fact, these are security questions from FACEBOOK ITSELF! (see below)
Rating: very convincing. Because there is an element of fun and nonchalance, it's quite easy to evoke this compromising information from a Facebook user. Here, common sense doesn't go as far because of the disarming nature of the prompt.
More and more, I see evidence showing that schools must educate their students on internet etiquette and security. A lot of these phishing scams are now targeting teenagers who now have some access to a parent's credit card information since cards are so easy to use online. We all have to be proactive when it comes to limiting the information we publicize on the internet, and we will have to continually adapt the methods with which we protect ourselves from voluntarily divulging information.
Stay sharp, and be on the outlook.