Reply to post: Re: Bad Grammar

Hackers so far ahead of defenders it's not even a game

Michael Wojcik Silver badge

Re: Bad Grammar

Maybe more people are getting lured into opening phishing links is due to the declining competence in language skills.

And counting upvoters that's five people who can't be bothered to look at the research. Well, that's hardly surprising.

For random phishing, implausible stories and non-standard language use improve the attackers' ROI, as Herley demonstrated years ago. What's more, many (possibly most) of the victims of random-phishing attacks are well-educated middle-class users who are perfectly capable of recognizing non-standard language when they encounter it. They're not deterred because they fall prey to greed and various cognitive fallacies - again, as various researchers have shown.

In any case, random phishing is a bottom-feeder attack, and not what we're primarily talking about here.

Spear phishing is usually what's used to gain access to internal networks, and those messages tend to be well-crafted, both in general usage and editing, and in referring to organizational specifics like employee names. And spear phishing has about a 90% success rate against a targeted organization with at least ten message recipients, according to some studies.

But, yes, blame the user. That'll fix the problem.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022