Social Networks and Phishing

Posted on August 14, 2007
Filed Under computers

At my day job, phishing is a big deal because we are sometimes involved in the identification and takedowns. Bruce Schneier has an interesting post pointing to two studies of phishing: one where you spoof headers to make a message appear to originate with a friend, and one where you present the first 4 digits of a credit card (which are fixed across companies, and there exist only a few combinations) and then ask for the last 4. The common theme is how easy it is to counterfeit trust. There is one dodgy bit of math in Bruce’s comments, though:

Another attack comes to mind. You can write a phishing e-mail that simply guesses the last four digits of someone’s credit-card number. You’ll only be right one in a thousand times, but if you send enough e-mails that might be enough.

Umm, no. That would be one in 10,000, my friend. The idea holds but the frequency is wrong.


    2 Responses to “Social Networks and Phishing”

    1. PJ Cabrera on September 3rd, 2007 11:40 am

      Actually, you’re off by one. 0000 isn’t valid as the last 4 digits of a credit card. :-)

    2. PJ Cabrera on September 3rd, 2007 11:41 am

      Hey, as long as you were being pedantic, why not me too? LOL
