this post was submitted on 15 Mar 2025
1085 points (98.1% liked)

Programmer Humor

21640 readers
1789 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] 0ops@lemm.ee 58 points 2 days ago (2 children)

I heard once that the reason that those phishing emails are (usually) pretty obvious is because the phisher doesn't want to accidentally catch a more attentive and careful victim, spend time trying to wire money from them, only for the victim to realize that it's a scam before following through, therefore wasting the phishers time. The type of person to fall for the Nigerian prince stuff is not common, but they exist and the odds of them paying out are much higher.

[–] CanadaPlus@lemmy.sdf.org 13 points 2 days ago* (last edited 2 days ago) (1 children)

I've heard that too. But, super-realistic scams exist, so if that's right it's just splitting the difference between the two that's a bad strategy.

[–] JackbyDev@programming.dev 14 points 2 days ago (2 children)

It's mass phishing versus spear phishing. I believe anyone would fall for a highly specific spear phishing campaign from dedicated individuals, but I don't believe most people are important enough to be victims of it nor do most people need to really do it.

[–] CanadaPlus@lemmy.sdf.org 2 points 1 day ago* (last edited 1 day ago)

The cost of people to run the scams is also a big factor. If poor quality can actually be an asset, slave labour from Myanmar or similar is going to be very competitive. You can have a small center full of those unfortunate people for the price of one Western cracker to do spear phishing.

[–] 0ops@lemm.ee 3 points 2 days ago

Right and the motives are likely going to be different too. Mass phishers are just out to make a quick buck, but targeted phishing could be for money, intelligence, disruption, making a statement, or even just clout.

[–] Licksrocks@lemmy.world 4 points 2 days ago

Depends on what the end goal is. Wire fraud? Sure. Typically a Business Email Compromise will try and compromise the account credentials to use it as a location to send other mass phishing attacks to their contacts, gain access to sensitive information the user had, or laterally move between systems and further compromise the organization. In that case, you would want the message to appear as legitimate as possible to gain access to the highest privileged accounts.