this post was submitted on 15 Mar 2025
1084 points (98.1% liked)
Programmer Humor
21640 readers
1828 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I heard once that the reason that those phishing emails are (usually) pretty obvious is because the phisher doesn't want to accidentally catch a more attentive and careful victim, spend time trying to wire money from them, only for the victim to realize that it's a scam before following through, therefore wasting the phishers time. The type of person to fall for the Nigerian prince stuff is not common, but they exist and the odds of them paying out are much higher.
I've heard that too. But, super-realistic scams exist, so if that's right it's just splitting the difference between the two that's a bad strategy.
It's mass phishing versus spear phishing. I believe anyone would fall for a highly specific spear phishing campaign from dedicated individuals, but I don't believe most people are important enough to be victims of it nor do most people need to really do it.
The cost of people to run the scams is also a big factor. If poor quality can actually be an asset, slave labour from Myanmar or similar is going to be very competitive. You can have a small center full of those unfortunate people for the price of one Western cracker to do spear phishing.
Right and the motives are likely going to be different too. Mass phishers are just out to make a quick buck, but targeted phishing could be for money, intelligence, disruption, making a statement, or even just clout.
Depends on what the end goal is. Wire fraud? Sure. Typically a Business Email Compromise will try and compromise the account credentials to use it as a location to send other mass phishing attacks to their contacts, gain access to sensitive information the user had, or laterally move between systems and further compromise the organization. In that case, you would want the message to appear as legitimate as possible to gain access to the highest privileged accounts.