claws-mail

Posted Aug 15, 2017 6:58 UTC (Tue) by mpr22 (subscriber, #60784)
In reply to: claws-mail by robbe
Parent article: The coming WebKitGTK+ 2.4 apocalypse

My bank and my credit card issuer, which is a wholly-owned subsidiary of my bank, do indeed send me e-mail that they think I will want to read. Every actual piece of phishing spam I have ever received has been obviously "phishy" compared to a genuine communication from an ostensibly reputable financial institution. (The - probably deliberate, given the psychology of phishing - abysmal standard of proofreading is the most trivial giveaway.)

phishing mails

Posted Aug 15, 2017 18:18 UTC (Tue) by robbe (guest, #16131) [Link] (1 responses)

Yes, phishing mails I get are mostly of very bad quality. But relying on that seems really shoddy security.

Why do you figure that these mails are deliberately bad? To target only the most gullible of victims?

phishing mails

Posted Aug 16, 2017 8:55 UTC (Wed) by anselm (subscriber, #2796) [Link]

This is fairly well-established in the case of Nigeria-419 scammers (“I can get you $$$$$ but you must send me $$ first”), who need to deal with any potential victims who reply to the scam on a case-by-case basis – in order to save themselves work, the scammers try to concentrate on people who are greedy enough to fall for the scam but not smart enough to figure out they're being scammed.

As far as “enter your Amazon/banking/… account details on this unrelated web site immediately or you will be locked out”-style phishing goes, this can be mostly automated, and therefore the phishing mails are becoming much better-looking than they used to.