This week’s post on Disassembling the Woolworths Facebook scam has had a pretty good run. In part, I suspect this is due to the approaching holiday shopping season and in part because I know this scam is really doing the rounds and being seen by a lot of people.
Yesterday I had a chat with Dan Kaplan from Secure Computing Magazine for their podcast and pointed out a number of factors that make scams like this successful:
- They’re endorsed by your friends. You’re seeing people you know like and share these scams as that’s a condition of their “entry”. They have credibility.
- They’re very low-overhead for the scammer. This is nothing more than a web page.
- There aren’t really any native browser defences against this sort of scam unless the site they’re running on is flagged.
Compare that to the relative difficulty of mounting an email campaign:
- It’s costly in so far as every email has a price. It might be very small or it might be orchestrated by botnets but that also has a cost. Certainly it’s more than just standing up a single web page.
- Victims are cottoning on. People are pretty used to filtering out junk these days and are naturally suspicious of email.
- Mail servers and clients provide native defences. It’s a very small portion of email that actually makes it into my Hotmail inbox and turns out to be junk.
In short, get used to seeing social media generated scams. The risk is low and the ROI is too good to pass up!