I read an article today about email & phishing, and I’m actually heartened by the same news that the reporter seems to take as pessimistic:
Is it ‘lights out’ for e-mail?
It says that, according to the MailFrontier Phishing IQ Test, email users can correctly identify phishing attempts 82% of the time. They also report that users falsely identify “legitimate” email as a phishing attempt 48% of the time. [Note that this is based on a set of “test” emails, not on the test subjects’ own email inboxes.]
While the writer (Anne Bonaparte, CEO of MailFrontier) seems to believe this means that people’s use of email may be on the decline, I think this is a sign that people are finally treating email as they should: not unlike other forms of spontaneous contact from the outside world.
My wife even forwarded me an email yesterday that looked pretty phishy – an invitation to join a market research survey group, sent by some third party on behalf of Microsoft. Having worked there, my read of it is that it actually *was* legit – I’ve seen plenty of feedback over the years on these marketing-driven email campaigns that – despite all of the good security practices being preached inside Microsoft – still end up looking like they’re a security threat/spam/phishing attempt (when really they’re just poorly-thought-out third-party mass-mailings). No harm done, just a little twinge on the Paranoid-o-meter, and I really think that’s a good thing.
If someone came up to your door that you’d never met and claimed to be from the IRS and wanted to come in and see your house, would you immediately believe them? What if you got a piece of mail that said it was your bank and that you had to leave your ATM card and PIN # in a mailslot at some odd address?
I for one am glad that people are getting more skeptical about the stuff that floods their inboxes. I live a great deal of my time in my inbox, and I have gotten pretty good at sniffing out illegitimate contact among the hundreds of messages I receive every week. [Fifteen years of jealously guarding my online privacy and trust will do that to a fellow I guess.] I’m glad that others are taking a healthier attitude towards unsolicited email, and I hope this means that they’re wising up that just because someone says something doesn’t immediately make it true.
Personally, I think that people are a little too trusting of people in positions (or illusions) of authority – often believing outright the claims of news reporters, people in uniform, political figures and other “strangers” just because they have the look and mannerisms (or the claimed position) of authority. I will defer to legitimate authority as much as is wise in this day and age (I am a Canadian living in the US, after all), but it disturbs me to think that people around me would have believed any claim that winds up in their inbox.
I think it had to do with the magical nature of computers (for most people) – they don’t know how they work, they don’t understand how fallible the people are that create the hardware & software, and just how riddled with flaws and humanity these whirring beasts really are. It’s like when I tell people about how insecure all the banks are for whom I’ve worked – it shocked me at the first one, and became expected by the third, and now I understand just how thin the ice is on which our finances skate.
Same with email, and thankfully as people have more exposure to it, and see more and more what the latest news report says about what you can and can’t trust, they are starting to see through to the other side of that thin ice, and are treading more carefully.
So what if you delete a few legitimate emails? Your life will rarely end if you don’t get that message – most people, next time they meet up, will nearly always say “Did you get my email?” anyway. Or they’ll re-send the email if they haven’t heard back. Or they too will forget about what they sent, as there’ve been another 200 emails (spam, phishing, and real communications) since the time they sent that email you might’ve inadvertently (or intentionally?) deleted.
It’s a big world, and no email is an island. Especially the ones that promise you a free vacation on one.
P.S. I scored 60% on the Phishing IQ Test II, so what do I know?