What is Digg?Sponsored by Dragon Age: Origins
Follow the Dragon Age: Origins development team on Twitter view!
twitter.com/DragonAge - EA presents BioWare's new dark fantasy epic Dragon Age: Origins. '9/10' from Game Informer.
110 Comments
- Squeegee, on 10/12/2007, -0/+4The test is unvalid.. It shows images of the emails so the person being tested doens't know where the linsk go to. Which by the way is one of the main ways for an experienced Internet user to know if the email is fake or not.
- Hypersapien, on 10/12/2007, -0/+3I'd dump all of them in the trash, legit or not.
- YLearn, on 10/12/2007, -0/+2This wasn't a test of safe/unsafe, but rather a test of determining fraud/legit. All examples in the test were real emails that were received by people. Just because companies are stupid and do things to make their emails look like phishing attempts does not mean they are fraudulent. But, I would love to see "curved" results allowing for 1-3 incorrect answers in the more "cautious" approach (i.e. no curve if you thought a phishing email was legit).
- napsterthug, on 10/12/2007, -0/+2That 4% doesn't represent the cautious side. I believe a lot more people are educated on knowing what a phishing email is and know the steps to take to not fall into the trap. I for one haven't seen half of those types of emails before but if I were a customer of those companies I might have known that they were legit or not.
On the safe side I think most people would just write most of those off as being phishing attempts to begin with and therefore aren't at risk as that 4% might suggest. - Kles, on 10/12/2007, -0/+2That test is stupid. Two of the so-called legit emails were fraudulent. Their logic behind what is safe and what isn't is flawed.
- procras, on 10/12/2007, -0/+1somehow i scored 10/10, but not because the test was designed well. the test denies you almost all the information actually required to verify yea/nay whether an email is a phish, namely 1) ability to view link addresses, 2) sender header information, 3) intended recipient header information.
- rwheeler, on 10/12/2007, -0/+1ATTENTION guys that keep saying that this test sucks....
If you click on "why" for Chase, it says:
"When email offers like this one offer products and services that interest you - *go directly to the company's homepage* and find out about them there". It also mentions checking the links, but warns that links are often forged.
Basically, this test is about whether you can filter out the phish frauds *quickly* by just looking. I'm sure we all have the time to whois every email we get. So just quit your bitching, show this to Mom and Dad, and get back to digging.
/You got 10 out of 10 correct, or 100 % - lannybudd, on 10/12/2007, -0/+1BS. If company X wants me to respond to email, it better be going to www.X.com. No variations, no spelling or grammatical errors. Otherwise it is suspicious and gets trashed.
- Drood, on 10/12/2007, -0/+1The test is *****. First thing you do on any suspcious email is check the headers. Can't do that on that test. I'm quite sure the percentage would go up if you had the message headers there.
- JCinDE, on 10/12/2007, -0/+1The 4% figure is misleading. Show us the number of people whose wrong responses were all false-positives for phishing and we'll get a much better sense of who is at risk.
- Dhalgren, on 10/12/2007, -0/+1It also depends on your situation. For instance, I get paypal phishes to an e-mail account that I don't have connected to Paypal... Just looking at an e-mail is not the only way that I identify them as fraudulent, I use information about the situation that you can't get by looking at random e-mails. Also, themeparkphoto is right, never follow these deals from e-mails. Always type the address in yourself. (then, of course, there is the possibility that you have been hijacked, and then identified as a phish target and when you type in the address it takes you to the wrong place as well.)
I would say that I don't care becuase I can always spot the fake ones when they come to me, and I keep my computer clean of spyware (as much as you can). However, when all the stupid people get suckered we all end up paying for it in the long run... - spadin, on 10/12/2007, -0/+1I got Capitol One and Bank of America wrong. The Capital One email was hard to check the address. I thought it was bfio.com and it turned out to be bfi0.com. The Bank of America one is horrible. They are very stupid for registering two domains that do the exact same thing. They should have bankofamerica1.com direct to bankofamerica.com. With these idiots running bank sites no wonder people get scammed.
- stolenpass, on 10/12/2007, -0/+1I think this test is more geared towards less savy Internet users. It's designed to promote caution when clicking links and going to sites. The idea is not everything is as it seems.
With thousands of people falling for phishing scams educating these people is more important than all the people here whining about how it scored them incorrectly. - gherikill, on 10/12/2007, -0/+1Crap test, I would spend most of my time checking the URLs and mouseover commands.
- number5, on 10/12/2007, -0/+1I got 80% but this test is very flawed,mosty its just try to scare people in to buying the product thay are selling,the fake email may be a copy of the real one with hyperlinks changed how i am i spose to figer that out form a pic
- DephexTwin, on 10/12/2007, -0/+1You know, I think it is fair to say if you got 90% or 100%, you actually did worse than the 80% people.
The reason I say that is because I don't see how it can be construed as a Good Thing if you assume that two suspicious emails are legit, and they just happen to be legit but created recklessly by the companies. I think the most important lesson for Joe Email-User, who-- let's face it-- is never going to truly get a handle on the latest phishing tricks, is to err on the side of caution, based on a few simple rules (e.g. *never* trust a link from an email that doesn't go to the official domain of the company it is supposed to be from).
Even if I checked up on the bf10.com domain and it looked like it was probably Capital One, I would *still* ever trust the email links on that email.
Sorry for this rant, but this quiz really misses the point in a damaging way. I would hate for a user who doesn't know a whole lot about it to see that they should have considered those two crappy emails legit, and modify their email browsing accordingly. - deviationer, on 10/12/2007, -0/+1got 8/10
only ones I got wrong were Bank of America and Capital One
there web addresses didn't look real - Karyyk, on 10/12/2007, -0/+0If this is indeed the case, then 96% of internet users are bloomin' idiots.
Then again, after getting the calls I do on a daily basis, that actually sounds about right.
I do have to admit that I missed one, the Capital One e-mail, thanks to the bif0.com domain in the URL. Better safe than sorry...or paranoid for that matter. - AdamCo, on 10/12/2007, -0/+0"So UNBELIEVABLY correct. bfiO.com/bfi0.com have NOTHING to do with capitalone, therefore anyone going to such sites to "log in" is a moron. and bankofamerica1???"
Apparently they do, because they are legit. You still should log in by typing the URL to the main site and then logging in from there, but your statement is ridiculous considering they are actual links for those companies. - pussyWagon, on 10/12/2007, -0/+01. Chase
Legitimate ... CORRECT
2. PayPal
Phishing Fraud ... CORRECT
3. Bank of America
Legitimate ... CORRECT
4. Washington Mutual
Phishing Fraud ... CORRECT
5. MSN
Phishing Fraud ... CORRECT
6. Earthlink
Legitimate ... CORRECT
7. Amazon
Phishing Fraud ... CORRECT
8. eBay
Phishing Fraud ... CORRECT
9. Capital One
Legitimate ... CORRECT
10. Network Solutions
Legitimate ... CORRECT
You got 10 out of 10 correct, or 100 %
I figured the CapOne was real because they used a a key for your entrance - which comes after the domain. Phishers would just create a php page. Same with Bank of America. I found the test interesting at least. - pacificdrums, on 10/12/2007, -0/+0I got 100% yay!!!
- MrLobster, on 10/12/2007, -0/+0Good idea to have a test and educate people, but to penalize people who are cautious is dumb. In reality I would have deleted all those emails so fast that it wouldn't matter if they were real or false. I missed the Bank of America and Capital One questions but could have checked the domains if I was so bored.
- AdamCo, on 10/12/2007, -0/+0I thought the Washington Mutual one was funny because of how much detail they went into, calling it a Five star hotel and everything like they were advertising for the hotel. Why would phishers think a bank would include such details?
- nymphetamine, on 10/12/2007, -0/+0You got 10 out of 10 correct, or 100 %
too easy. - plosfas, on 10/12/2007, -0/+0i got 100% but only after a lot of thinking
- inactive, on 10/12/2007, -0/+0apparently signupaccounts.com is paypal's site... What's next? I scored 70 because I was too sensitive... And I really like to have headers and raw HTML, plus I think it's a good idea to block all HTML emails.
- jrclements, on 10/12/2007, -0/+0well, holy crap. i got 10/10. i was going to say that it's really difficult to judge the legitimacy of an email based strictly on the message itself. usually, if the email asks for verification of any information and doesn't tell you to go the website and log in, it's fake. and there's usually some kind of javascript altering the url displayed in the status bar, so i just view the source and see where the links are going, if i'm suspicious. but i always go to the site to log in...
- evansls, on 10/12/2007, -0/+0i was given an 8 out of 10, which is wrong. the bank of america example had a single digit in the url at the bottom like this: http://www.bankofamerica1.com, which they said is legit!??? Uh, I dread the day I find a link that says www.wachovia1.com? This is not a good test to verify if you know phishing or not...
- dmoney06, on 10/12/2007, -0/+0Anyone could spot all of the phishing emails, by saying that every single one was a phishing email.....
- Moocat, on 10/12/2007, -0/+09/10 due to the Capitol One like many others.
The title of the article and the article itself is HIGHLY misleading. Maybe 4% of internet users can spot every single email accurately but I bet a good percentage more than 50% can spot ALL the phising emails, thereby eliminating their risk.
Don't play politician with research please, let the people decide what to do with the results. - .Steven, on 10/12/2007, -0/+0However it would be 50000x easier to see if I could see where the link went to... and any way, type the dam url in the box your self. Done, no phishing...
- Icefreez, on 10/12/2007, -0/+0The site has been killed by you guys :P
- .Steven, on 10/12/2007, -0/+0You got 10 out of 10 correct, or 100 %
- watkeys, on 10/12/2007, -0/+0Those who considered some of the legitimate messages phishing should check the WHOIS records of those domains: e.g. bfi0.com is registered to a legitimate company, Bigfoot, which offers e-mail services. I think the test is pointless because when I get similar messages, I know that I don't have a Bank of America or Washington Mutual or Chase account. I don't need to stare at the URLs in the status bar to figure out whether they're phishing messages or not.
- cparsons, on 10/12/2007, -0/+0All frauds
- ksgant, on 10/12/2007, -0/+0I got 70% right. The ones I got wrong were all legit non-phishing sites so really, I was protected either way you look at it.
- ryansw, on 10/12/2007, -0/+010/10... I had to study each one quite a bit and found that one of the biggest "flags" were the e-mails not being formatted properly. I seem to personally get mailed a large number of fraud e-mails under the eBay and PayPal names, maybe because so many people have accounts with these companies. Good test, people who hate is didn't score well. ;)
- capn_caveman, on 10/12/2007, -0/+0First of all, I wouldn't click a single link in any one of those emails no matter how trusted it looked. Second of all if I did click a link to a phishing site I would know it was a phising site in about 3 seconds. I would never ever click a link off of an email and put any personal information into my web browser - legit site or not.
- SniperX, on 10/12/2007, -0/+0Again, 8/10 - bankofamerica1.com - bfi0.com problem. Ignorance.
"You know, I think it is fair to say if you got 90% or 100%, you actually did worse than the 80% people.
The reason I say that is because I don't see how it can be construed as a Good Thing if you assume that two suspicious emails are legit,"
So UNBELIEVABLY correct. bfiO.com/bfi0.com have NOTHING to do with capitalone, therefore anyone going to such sites to "log in" is a moron. and bankofamerica1???
Although all of this is entirely obvious when you look at the QUIZ's URL and title:
survey.mailfrontier.com
"Spam Filter, Email Security - MailFrontier" - odsae, on 10/12/2007, -0/+0WTF is capital one doing? That url looked fake as hell. The rest were pretty easy.
- EliGottlieb, on 10/12/2007, -0/+0All of them were mere pictures rather than emails, so determining phishing or not becomes harder due to the lack of URLs.
I was overcautious and got 60% due to thinking one phish was legit and 3 legits were phish. Meh. - Wilson, on 10/12/2007, -0/+0Well then. 96% of Internet users need to get acquainted with Mr. Statusbar. It may be at the bottom of the window, but that doesn't make it unimportant, damn it!
- osuadh, on 10/12/2007, -0/+0guess i'm part of the 4% since I got them all right. The emails were pretty stupid though.
- tuneshark, on 10/12/2007, -0/+0If you always open a new browser, good for you.
If you show this to mom and dad and they learn to always open a new browser, good for you.
If you got all bent out of shape because you are used to acing tests in school and this one isn't based on clearly differentiable examples (because they are from the real world), but then you realized that was the point and remembered that you always open a new browser anyway...
good for you. - scottperezfox, on 10/12/2007, -0/+0I got 9/10. (Chase)
- Tobey, on 10/12/2007, -0/+0I got 90% correct. For some reason I said the MSN one was legit, I don't know what I was thinking.
- nature, on 10/12/2007, -0/+0I think most people that scored 8/10 answered BoA and Capital Direct as phishin sites. The Sysadmins for those sites should be admonished for having such horrible domain control, there's no way that they look legit.
- pcmonline, on 10/12/2007, -0/+07/10...that test was a little tricky...but I tend to not trust those kinds of emails anyways.
- skyhighrockets, on 10/12/2007, -0/+09/10 (90%)
Like other people, the Capital One email really thre me off, because of the links going to bfi0.com
A credit card company should never need a random domain like that.
I still think I did very good on the test, as I wouldn't recognize the meaning of the partial account number stuff, as i don't have access to my bank account. -
Show 51 - 100 of 110 discussions
Browsing Digg on your phone just got easier with our enhancements to the 
© Digg Inc. 2009
— Content created and posted by Digg users is