For example, like most people these days, I have a number of bank accounts with more than one bank. In the UK we have a small number of main banks that trade themselves in several different guises, so although the number of banks is, in one way, small the actual number of banks a person can open accounts with is actually quite large. So if a phishing attack, that is an email designed to look like it is coming from a legitimate organisation such as a bank with the intention of duping me into divulging my account number, internet passwords and, go on, my ATM PIN for good luck, dropped into my inbox and appeared to be realistic I might be caught out. But luckily, once the guys who think I may be susceptible to this kind of skulduggery decide to email me, they choose to send me multiple emails seemingly from every UK bank you can think of in quick succession. Consequently, when I open my inbox I'm presented with a raft of similar emails encouraging me to provide sensitive information about bank accounts I do and don't have.
Then there's the begging emails from Africa explaining that there's an inordinate amount of cash stuck in an account belonging to some poor soul who unfortunately met their maker suddenly without leaving provision to shift their inheritance. Luckily for me there are a shed load of unscrupulous bankers in Africa, apparently, who are prepared to forego professional ethics for a dirty deal involving transferring riches that don't belong to them using my bank details. Oh, and my internet passwords. And ATM PIN if I would be good enough. They've obviously missed the point if they haven't noticed that we have our own unscrupulous bankers here in the UK, so I really don't need to deal with faceless crooks overseas, thank you. We have our own.
The real problem with being able to spot a dodgy phishing email a mile off, though, is that we don't know if we're quietly falling for the ones that don't stick out like a sore thumb. Because I don't believe all the crooks out there are stupid, illiterate or even dumb. The clever ones won't send the obviously crooked too-good-to-be-true emails, they'll send the ones that will quietly slip under your radar and trip you up.
There's so many of the dodgy emails hitting our inboxes it is reasonable to assume that the problem is worldwide and coming from all angles. Maybe it is, but research carried out by a Dutch researcher has revealed that although there are more than 42,000 Internet Service Providers (ISPs) worldwide, just 20 of these were responsible for routing over 50% of the junk mail, phishing attacks and other malicious messages worldwide. Unsurprisingly most of these originated in developing countries such as India, Vietnam and Brazil. Naturally Nigeria, the source of many a fortune waiting to be transferred to a bank account of your choosing, was also there, with a Nigerian ISP, Spectranet,managing to top the list of spam messages with 62% of its output falling into this class.
And these attempts are not just an irritation. Billions of pounds are swindled every year through various internet scams, because although most of can see the falsity of the emails a mile off, one in ten thousand obviously falls foul. And let's not forget what I said about the ones that actually are too good to spot - I don't know if they exist because if they do, they'll be too good to spot. But even if you are smart enough to spot each and every attack, clearly others don't and somewhere along the line banks often end up forking out for allowing their security to be breached, even if the harmed individual inadvertently handed over their account details, passwords and ATM PIN for good luck. Which means the banks will be passing those losses onto us, either as customers or, as citizens in various democracies that have bailed the banks out, as reluctant shareholders.
This research is probably the single most practical piece of research into the topic possible. The ISPs that pass the majority of the dodgy emails may not be the originating ISPs for the scams - the truly capable criminals will bounce the emails all over the place to cover their tracks - they are clearly not helping the situation. If all ISPs downstream of the 20 worst blocked all email traffic from them - legitimate or otherwise - then the ISPs would be forced to modify their processes or die a commercial death. The legitimate customers would switch their custom, as would the criminals, but eventually we would hound the ISPs into policing their own networks.
We'll never eradicate spammers, is my best guess, but we should be doing whatever it is we can do to make their lives difficult.
I can be followed on Twitter too - @RayASullivan
or on Facebook - use email@example.com to find me
Want to see what B L O'Feld is up to? Take a look at his website here
Worried/Interested in the secretive world of DLFs? Take a look at this website dedicated to DLFs here, if you dare!