Bad Guys Have It Too Easy

Jim Rapoza

Ohhh Nooooo! Spammers, phishers and malware purveyors will become trickier and more sophisticated in how they attempt to get people to fall victim to their scams. What are we going to do?

According to a new report by Google's Postini team, the levels of spam and phishing attacks have increased in recent years and we should expect to see new avenues for launching attacks, especially ones leveraging new Web 2.0 technologies such as social networks. The report also suggests that the bad guys will specifically target high-level victims, such as executives at certain firms.

So if this report is right, then it sounds like the bad guys are going to be working extra hard to make sure they get victims to fall for their scams and install their malware.

But the one question I have is: Why bother?

I mean, to me this is a little bit like hearing that the Harlem Globetrotters are working on new and advanced tactics in order to beat the Washington Generals.

My advice to the scammers is don't go to all of this trouble. There are still plenty of clueless anti-securityites out there who will continue to fall for even the most obvious and basic spams, phishing sites and infected e-mail attachments.

Let's face it. Things aren't getting better on the security awareness front. Despite continued efforts by pundits, security vendors and IT departments, there are still more than enough people out there happily clicking on e-mail attachments that practically scream "virus". And oh yeah, I've also heard that at many companies the executives are among the worst when it comes to getting viruses, so no need to go all out targeting them with smarter attacks.

And outside of user security, things are also getting worse. I've heard from more and more IT workers at firms who tell me how their businesses have let their security infrastructures stagnate or have even cut back on their security preparedness (a practice that is sure to accelerate in the current economy).

Making things even worse, the security vendors themselves haven't been knocking themselves out in the innovation and advanced tactics arena. I find it pretty hard to find many interesting innovations or advancements in security products in the last few years.

So what we have now is a situation where users, businesses and security vendors are making it easier than ever to find and scam the security-resistant among us. In such a world, advanced con tactics aren't needed. I mean, why go to all of the trouble of the Spanish Prisoner when a simple three-card monte will work fine?

Of course, things could change. People could start to realize that it isn't that much work to avoid most scams and viruses. That just a tiny bit of skepticism and vigilance will help users keep their systems safe. That smart business security practices will help companies avoid embarrassing losses.

If those things happen then the bad guys would have to get a lot smarter and work a lot harder for their ill-gotten gains.

But of course right now that isn't the case. Instead, finding victims for simple spams, phishing and virus attacks is as easy as taking candy from a baby. And until lots of users and businesses decide to grow up, the bad guys will find that advanced tactics aren't needed.