I get phishing scams in my email all the time. Some even defeat spam filters.
Over at our sister site Tech Republic, blogger Jason Fielding muses on why some people still fall for this stuff.
He writes that curiousity got a hold of him the other day and:
I had to follow one of the links to see what the next stage of the scam looked like (of course I removed my email address from the URL variables to make sure I didn’t let them know that my address is valid); first of all Internet Explorer blocked the site plainly telling me that the site was a scam, next the front page which emulated a logon window simply continued to the next step despite me putting in ‘goaway’ and ‘youidiots’ as my username and password.
The next page was the money maker; they asked for everything: name, address, phone numbers, email address, account number, sort code, visa number, expiry, security code, mothers maiden name, first pet, first school and so on. As well as asking for bank and credit card details they wanted anything that could be used to verify my identity over the phone.
It would be easy to stereotype the senders of these scams as overeager types at Internet cafes in China, Nigeria or the Czech Republic, hooking up into bots, with the ultimate beneficiary being some guy with a dacha.
It would also be easy to stereotype the respondents to these scams as inexperienced and naive Internet users, trusting types, and perhaps the financially desperate.
Perhaps one of the reasons why phishing scams catch on is that to a pathologically overtrusting Internet users, there is an implication of "why not try this" possibility in a $20 offer that doesn't ring true in an obviously phony email from the family of a deposed potentate. And yes, there are the childlike types who don't realize how easy it is for a phisher to right click and copy a bank's logo to a mass email.
Also, the cost of blasted emails are so cheap, a 1 in 1000 response rate provides steady work for the guys at the Internet cafe, and ultimately, steady money for the guiding lights of these criminal rings.
Have you ever been tempted to respond to an obvious phish?