Gone Phishing in Indiana

by on July 25, 2007 · 3 comments

Ars has a report on a new study showing that college students are shockingly prone to phishing if the email they receive appears to come from an acquaintance:

To generate a database of relationships, the authors used a publicly-available Perl module to crawl social networking sites, including Friendster, MySpace, Facebook, Orkut, and LinkedIn. They selected Indiana students from this database and picked a target population based on the quality of the personal information that was obtained.

Test subjects received an e-mail with headers spoofed so that it appeared to originate from a member of the subject’s social network. The message body was comprised of the phrase “hey, check this out!” along with a link to a site ostensibly at Indiana University. The link, however, would direct browsers to www.whuffo.com, where they were asked to enter their Indiana username and password. Control subjects were sent the same message originating from a fictitious individual at the university.

The results were striking: apparently, if the friends of a typical college student are jumping off a cliff, the student would too. Even though the spoofed link directed browsers to an unfamiliar .com address, having it sent by a familiar name sent the success rate up from 16 percent in controls to over 70 percent in the experimental group.

Of course, men were far more likely to respond to emails from women than from other men.
