Phishermen impersonate DOJ in spam e-mail
Ed Dickson has a nice post illustrating the badges of authority compliance technique, Phishermen impersonate DOJ in spam e-mail: "
DOJ logo. The press release mentions that the e-mail contain their official logo. Copying graphics is extremely easy to do. Internet criminals do this to make their spam e-mails look more official, or even to create totally spoofed (impersonated) websites.
Recently, Internet Phishermen have spoofed the IRS, FTC and the FBI to trick people into giving out personal/financial information. Of course, they spoof a lot of other organizations, also.
Apparently, the e-mail even contains the DOJ logo on it. This isn't very hard to do because copying graphics takes very little technical skill. To demonstrate, I will copy the DOJ logo and place it at the top of this post.
Because this is so easy to do, a lot of fake websites (mostly financial institutions) are all over the Internet. Read the entire article here. This compliance technique has been well studied. One experiment involves a person directing total strangers to put money in a parking meter. The individuals are simply walking by the meter when they are told to put money in the meter. Not surprisingly, a higher number of people comply with the request, if it is delivered by a person wearing a uniform. Uniforms are badges of authority and commands delivered by such a person are treated more seriously. It is no good to say that we should just ignore the badges of authority. But it is important in your due diligence to review whether you are complying because of a demand made by somone who looks to be an authority. Would you have taken that advice if he or she were wearing a t-shirt and bathing suit -as I am now, posting from the lovely island of Corfu?
DOJ logo. The press release mentions that the e-mail contain their official logo. Copying graphics is extremely easy to do. Internet criminals do this to make their spam e-mails look more official, or even to create totally spoofed (impersonated) websites.
Recently, Internet Phishermen have spoofed the IRS, FTC and the FBI to trick people into giving out personal/financial information. Of course, they spoof a lot of other organizations, also.
Apparently, the e-mail even contains the DOJ logo on it. This isn't very hard to do because copying graphics takes very little technical skill. To demonstrate, I will copy the DOJ logo and place it at the top of this post.
Because this is so easy to do, a lot of fake websites (mostly financial institutions) are all over the Internet. Read the entire article here. This compliance technique has been well studied. One experiment involves a person directing total strangers to put money in a parking meter. The individuals are simply walking by the meter when they are told to put money in the meter. Not surprisingly, a higher number of people comply with the request, if it is delivered by a person wearing a uniform. Uniforms are badges of authority and commands delivered by such a person are treated more seriously. It is no good to say that we should just ignore the badges of authority. But it is important in your due diligence to review whether you are complying because of a demand made by somone who looks to be an authority. Would you have taken that advice if he or she were wearing a t-shirt and bathing suit -as I am now, posting from the lovely island of Corfu?
