Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Almighty Buck Security

Phishing Is a Minimum-Wage Job 224

rohitm918 writes "A study by Microsoft Research concludes that phishers make very little (PDF): '...low-skill jobs pay like low-skill jobs, whether the activity is legal or not.' They also find that the Gartner numbers that everyone quotes ($3.2B/year etc) are rubbish, off by a factor of 50. 'Even though it harvests "free money," phishing generates total revenue equal to the total costs incurred by the actors. Each participant earns, on average, only as much as he would have made in the opportunities he gave up elsewhere. As the total phishing effort increases the total phishing revenue declines: the harder individual phishers try the worse their collective situation gets. As a consequence, increasing effort is a sign of failure rather than of success.'"
This discussion has been archived. No new comments can be posted.

Phishing Is a Minimum-Wage Job

Comments Filter:
  • by Garridan ( 597129 ) on Tuesday January 06, 2009 @08:09PM (#26351871)

    I always wondered what the remaining 5% of computer science majors did, who didn't end up working minimum wage jobs at McBurger Queen...

    • Oh yes, the article makes it sound like they'd rather apply at Wal*Mart for shelf-stocking rather than phish, but honestly - having a myspace password or five is probably less paying than stocking shelves and fetching (or pretending to fetch) an item or two every now and then. And IMHO, Wal*Mart stockers (at least in my area) are probably more competent than most phishers, at least from the obvious fakes I've seen.

      Sorry if I was an insensitive clod and offended any /.ers that happen to stock shelves for
      • Re: (Score:2, Funny)

        Hey! I'm an insensitive clod who makes fun of people who happen to stock shelves for a living, you insensitive clod!

  • Minimum wage in the US perhaps but when the phishers live in a country with a higher exchange rate. They can be making considerably more than minimum wage in their own country. Infact I bet you could work and also do some phishing on the side (just like granddad use to do).
    • by teh moges ( 875080 ) on Tuesday January 06, 2009 @08:50PM (#26352219) Homepage
      If you read the article (which no-one ever does, but just in case you get modded insightful by a mod who didn't either), you'll see that minimum wage is a relative term.
      The pool of phishing money is (more or less) static, so when more people start phishing (which happens as it becomes easier), the available money per phisher goes down until its not worth it. If this is less then the minimum wage, then people wouldn't do it, if its more, then more people do it. Hence it stabilizes around that mark. This is also one of the reasons why there are more phishers in poorer nations.
      • by account_deleted ( 4530225 ) on Tuesday January 06, 2009 @08:55PM (#26352269)
        Comment removed based on user account deletion
      • There's no evidence that the pool of phishing money is static, it's *assumed* by the article (section 4.4) based on some arbitrarily fixed small fraction of estimated numbers of web surfers being phished (0.37%).

        Now, if you pretend that X amount of money must be shared by phishers no matter what, then it makes sense that more phishers means smaller returns for each on average. Of course, that doesn't mean that "superstar" phishers couldn't be increasing their share at the expense of "average" phishers, an

  • by Notabadguy ( 961343 ) on Tuesday January 06, 2009 @08:10PM (#26351885)
    Everyone knows that if you overphish a stream, there's no phish left for everyone else. Its a classic case of resource depletion!
    • by Sycraft-fu ( 314770 ) on Tuesday January 06, 2009 @08:26PM (#26351979)

      If you read their paper.

      Also it is even worse, when you get down to it: People (contrary to evidence some times) have the capacity to learn. As phishing becomes a bigger problem, there's more news on it, more efforts to educate people about it and so on. So the pool of candidates shrinks. Likewise some companies start implementing technologies that make it hard/impossible to do (Paypal has a secure ID token you can get now for example).

      So it isn't just a case of depleting the pool of dollars belonging to the people who can get phished, it is also a case of less people being available to be phished. While you'll certainly never educate everyone, I'd say awareness of phishing is much higher these days and many more people take care to protect their information.

      • by gujo-odori ( 473191 ) on Tuesday January 06, 2009 @08:39PM (#26352099)

        I'm own the anti-phishing rules at a well-known email security company, and while I agree with the principle that over-phishing is causing problems, as it does with fishing (although as with phishing, the best phishers are catching a lot more phish than the worst pishers), I don't think very many people are doing much more to protect their information. What does seem to happen, though, is that - just as with fish that see lures dragged in front of them all day long - people are coming to think everything is a fraud (I see legit bank emails reported as phishing all the time). Some of them, anyway. I also see a lot of correspondence threads in which people have already handed over money to 419ers or are preparing to do so.

        And of course, phishers are also diversifying somewhat. Earlier this year, account credential phishing became popular. The goal: not immediate financial reward via account plunder, but to get access to a legit login on a host with a good email reputation for the purpose of either using it to send fraudulent email, or using it to send regular spam for hire.

        Financial losses continue to be high, and I'm not convinced that the 3.2 billion figure is off by a factor of 50, even if it might be on the high side. But earnings by the theoretical average phisher? Yeah, they've got to be off. There are so many phishers these days, so many people are deluged by phishing attempts, and at least for those who have a good spam filter, a figure north of 99% of those phishing attempts don't make it to the inbox anyway.

        The ones that get me are the people who release blatant phishing from quarantine. I'd love to know how many of them later respond and get phished. I suspect that number is rather high.

        And then there are the money mule scams. People fall for those all the time. The phish aren't getting that much smarter, as far as I can tell.

    • by Anonymous Coward on Tuesday January 06, 2009 @08:30PM (#26352027)
      people should learn... there's plenty of jobs as pharmers and phlorists... or even phirephighters
    • Make everyone happy.
  • by Sycraft-fu ( 314770 ) on Tuesday January 06, 2009 @08:15PM (#26351909)

    I mean for one thing, a lot of crime really doesn't pay well. Sometimes even less than a minimum wage job. I remember a few years ago there was a problem of newspaper machines getting broken in to and the change stolen. They finally caught the guy and estimated he'd been making well less than minimum wage. It wasn't a trivial job to get in them and it isn't as though a ton of papers are sold from those. While there certainly are criminals who make bank (like drug lords) often you'll find that really criminals would do just as well to get honest work.

    Another thing is that you are talking about something where your success rate is very low, and even when you do have a success in terms of getting info, you don't necessarily get anything with it. Just because you steal someone's account and try to use it, doesn't mean it works. For example I had my credit card stolen. Wasn't a phishing scam, just someone that had got a hold of the number, but either way they had it. As soon as they tried to order something, I noticed. I had the card disabled, the merchant stopped shipment on the goods, and so on. The thief didn't get squat. So even though they were successful in getting my card, they weren't successful in getting anything with it.

    So all in all ti doesn't surprise me that phishing is a low paying job. You aren't going to get many bites, some of the ones you DO get will be fake (I love filling out phishing forms with fake data), and even when you do get legit info, you might not get to use it.

    • Very true, I know a guy who sells pot. He is always bragging about how much money he makes. I always have a good laugh on the inside because the amount is pretty low. Sure he is making more money than the kids at burger king, but he is in his mid twenties.
      • Comment removed (Score:4, Insightful)

        by account_deleted ( 4530225 ) on Tuesday January 06, 2009 @09:00PM (#26352325)
        Comment removed based on user account deletion
    • by PCM2 ( 4486 ) on Tuesday January 06, 2009 @09:29PM (#26352597) Homepage

      I mean for one thing, a lot of crime really doesn't pay well. Sometimes even less than a minimum wage job.

      Steven D. Levitt addresses this in his book, Freakonomics. Chapter 3 is titled Why Do Drug Dealers Still Live with Their Moms? [freakonomicsbook.com]

    • I always thought that spammers were all scamming each other more than the rest of us. It must be a very sad world.
    • Re: (Score:2, Interesting)

      by fishbowl ( 7759 )

      "As soon as they tried to order something, I noticed. I had the card disabled, the merchant stopped shipment on the goods, and so on. The thief didn't get squat."

      Didn't get caught either. Merchant should have shipped "the goods" and had federal marshals "deliver them".

    • I mean for one thing, a lot of crime really doesn't pay well.

      When it pays you well, your title is upgraded from "criminal" to "CEO".

      But seriously... is this article even news? Socially destructive behaviour bites you in the ass eventually? Isn't that pretty much evolution 101?

  • So basically there are too many people trying to exploit a limited pool of suckers to make the endeavor profitable. So sad. However, I have a solution, check out my site at http://www.h0wtoph1sh.com [h0wtoph1sh.com].
    • by dmomo ( 256005 )

      I tried to pay the $2.00 price for this solution by entering my Bank of America login and password as you required. But, I have yet to receive an email containing the information. Could you please send it again?

  • by ecloud ( 3022 ) on Tuesday January 06, 2009 @08:22PM (#26351955) Homepage Journal

    ...and neither does farming!

    (slogan I saw on a baseball cap as a kid, maybe 25 years ago. One of my grandpa's buddies was wearing it.)

  • Yeah, Right... (Score:2, Insightful)

    by blcamp ( 211756 )

    Phishers don't make squat. Right. Because obviously it's not as profitable as working at the local oil change shop, or at Wally World.

    I'd like to see 419 examples of how Nigerian scammers don't make money.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      I have the 419 examples you requested, but I need $3000 to get them through customs.

    • It probably would be more profitable working at the local oil change shop or at walmart, but I doubt those places exist (at least in the way you think of them) in nigeria. Also, if you look at the GDP per capita of the United States and Nigeria [wikipedia.org] you'll notice that the small amount of money made phishing is much more valuable in nigeria than it is in the united states.
  • by QuantumG ( 50515 ) * <qg@biodome.org> on Tuesday January 06, 2009 @08:31PM (#26352041) Homepage Journal

    You have the choice:

    1. earn minimum wage at McDonalds
    2. earn less than minimum wage selling drugs

    Which do you choose? Selling drugs of course. Why? Cause you've got respect for yourself and refuse to work a demeaning job.

    Before you object, whether or not you agree that working at McDonalds is demeaning is irrelevant. Many, many, many women have been given the choice:

    1. work as a stripper
    2. work as a waitress

    and decided that working as a waitress is less demeaning than working as a stripper. You may disagree with that, also but that's also irrelevant. The facts are that you can make a lot more money working as a stripper than as a waitress, and yet so many people choose not to.

    The economically rational human is a myth.

    • Re: (Score:3, Interesting)

      Just assign a value to, or create a market for, the lost self-respect and you're back in business from an economics standpoint.

      • Re: (Score:3, Insightful)

        by QuantumG ( 50515 ) *

        Hehe.. why do you think women get paid more to be strippers than to be waitresses? There already is a market for lost self-respect. People choose not to participate in it.

        • Hehe.. why do you think women get paid more to be strippers than to be waitresses? There already is a market for lost self-respect. People choose not to participate in it.

          Every person places a different value on the same thing. If the difference in pay in X dollars per week, and girl A values her self-respect at X + 100 dollars, it would be irrational for her to strip instead of waiting tables (assuming other values are the same). If girl B values it at X - 200 dollars a week, it wouldn't make sense for

    • Re: (Score:3, Insightful)

      by rossz ( 67331 )

      It's not a question of most women not wanting to work as strippers, it's a simple fact that most women could never make a living as a stripper. The majority of people (both men and women) do not look all that good naked.

    • by homer_s ( 799572 )
      You are fighting a strawman reg the 'economically rational human' - economics has as much to do with money as astronomy has to do with telescopes
    • Re: (Score:3, Informative)

      by grege222 ( 995375 )
      I recently heard Stephen Levitt (Freakonomics) speak, and he actually addressed your first example. It's actually the title example in his next book "Why Drug Dealers Live With Their Mothers." The gist of it being that while dealing drugs may make less money and certainly has more risk than McDonalds, their is greater opportunity for upward mobility. Just because you don't understand what's going on doesn't mean that it's irrational.
      • This subject is gone into in greater detail in Sudhir Venkatesh's book Gang Leader for a Day - he's the source for the Freakonomics chapter on the economics of the drug trade, and after the success of that book he wrote up the whole story of his study of the underground economy and society.
    • Re: (Score:3, Insightful)

      by Belial6 ( 794905 )
      That completely ignores the fact that (with very few exceptions) all, all, all women are given the choice of:

      1. Have sex with men for money and get another job to supplement that income. (This can include stripper or waitress)
      2. Not have sex with men for money and get a job to supply their income.

      The vast majority of women choose to have sex with men for cash, goods and/or services. Almost all of them know what they are doing, but there are FAR greater profit for the whole group if this is denied.
    • by McGiraf ( 196030 )

      I don't want to see some of the waitresses naked.

    • I remember my intern officemate once talking disrespectfully about some girl at a stripjoint. I don't have anything against this in-and-of-itself, as it is part of the implied service a stripper provides. However, he was in dire need of an Outlook Adjustment for a few other reasons...

      So I told him how much the strippers at that establishment make (most of it under the table) for what is basically a part-time job, and he got real quiet. Then I asked him, since I knew he was under the same "patent transfer" a

    • by mcrbids ( 148650 )

      The economically rational human is a myth.

      No, it isn't. It's just that people value things other than just money.

      For example, I am a skilled knowledge worker who's also well grounded in business operations, administration, and sales. I have had a number of opportunities over the past few years to make lots and lots of money - and yet I continue to stay where I'm at. Don't get me wrong - business is good where I'm at - but for me, the value of doing something altruistic as part of my job is something I get i

      • by QuantumG ( 50515 ) *

        The economically rational human is a myth. [..] No, it isn't. It's just that people value things other than just money.

        You're an idiot.

        • The economically rational human is a myth. [..] No, it isn't. It's just that people value things other than just money.

          You're an idiot.

          Not a bit of it, he's spot on. Money is of value solely insofar as it can be exchanged for stuff people want. For goods or services. Only a few nerdy numismatists value money for itself. The game of economics isn't a game of getting money - it's a game of getting stuff you want.

          Now the thing is, once you get past basic essentials, what people want can be anything. Entirely

    • less than minimum wage selling drugs

      I take it you've never sold drugs before.

    • Why do you say working as a stripper is a woman only job?
    • Sorry the only reason such a job is demeaning to many people is because they have an exaggerated estimate of their own worth.

      Look, when push comes to shove, when your children need to be fed, there is no job demeaning in THEIR eyes.

      To be up front, I have more respect for the men and women at McDonalds than I have for the majority of government employees, especially elected officials. The fact that some people see those jobs as demeaning only shows that society has its values screwed up.

      Work is better than

      • You live in a fairy tale world. You fail to understand that we, humans, are social beings. We form social groups that have structure and organize individuals in social hierarchies. The members of those groups always wish to "move up" in those hierarchies because being on the bottom sucks.

        The fast food business is seen as the most demeaning work in today's society because you are placed in the very bottom of your society's hierarchy. You earn minimum wage, you are forced to take orders from everyone that cro

    • The economically rational human is a myth.

      I agree, but I would say that the reason most people end up selling drugs (or whatever criminal activiy) is that it is easier, and most people are lazy.
      You may not earn as much money selling drugs, but you probably only work a few hours a week compared with eight hours a day sweating into burger buns at Mickey D's.

    • It's only a myth if you don't understand the basics behind decision theory and you fail to understand the most basic economic fact of all which is: money isn't the end all, be all element in economy, let alone life.

    • Don't forget the 'tax advantage' from being a drug dealer, and also the lack of retirement/health care. Those decisions must play a part in deciding on your future career.

      There, you made me sound like a guidance counselor!

  • Like drug dealing (Score:3, Insightful)

    by Tsu Dho Nimh ( 663417 ) <abacaxi&hotmail,com> on Tuesday January 06, 2009 @08:35PM (#26352077)
    For every dealer who makes big money, a lot of others are just scraping by, hoping to get that lucky break.

    They'd do better with a real job.

    • Re: (Score:2, Insightful)

      by BagOCrap ( 980854 )

      Of course they would. But then again, they'd probably have to lay off the pot or crack in order to do so.

  • Nah... they just wanna demoralize the phishers so they'll give up and beg Microsoft to hire them for the $10 an hour they now know they're worth.

  • by fuzzyfuzzyfungus ( 1223518 ) on Tuesday January 06, 2009 @08:48PM (#26352203) Journal
    And thus being a perfect master of all questions of human economic activity(except for currency related theory, which is why I'm just going to parrot gold-standard talking points until we get to that chapter next semester in Econ 102) I have a solution!

    Clearly, since phishing shows the classic signs of being a tragedy of the commons(if I were serious, I would put a patronizing link to the wikipedia article I had read just moments before in this spot) we must divide up the world's computer using idiots and make individual blocks of them the property of particular phishers, thus aligning incentives and ensuring optimal exploitation of the Lusers. I call all AOL usernames that start with "a"!
    • Re: (Score:2, Funny)

      by Anonymous Coward

      Crap, you get administrator@aol.com... thats the biggest idiot with the most money...

  • by sydbarrett74 ( 74307 ) <sydbarrett74.gmail@com> on Tuesday January 06, 2009 @08:52PM (#26352239)
    The only ones who made any real money were the ones who bought in early; the vast majority of Amway reps break even at best.
    • Comment removed based on user account deletion
    • That was my first thought when I hit the section on phishers making money by selling resources to optimistic noob phishers. Most of the money in something like Amway isn't actually in moving product, it is in so called "Business Support Materials", motivational tapes, seminars, and the like.
  • by fermion ( 181285 ) on Tuesday January 06, 2009 @09:54PM (#26352841) Homepage Journal
    It is this way any time someone waves huge amounts of money at a job people think anyone can do. It is likely that some spammers make huge amounts of money, so why not me?

    For instance, some football players make a lot of money, so families, schools, colleges spend huge amounts of money to get people a position where they can make this money. In fact, even if one only considers colleges that are regularly recruited, the expectation value of income for these players are minimum wage. Of course, they can make money if they have others degress or skills, but the expectation if the rely on the game is very small.

    As mentioned, many people prefer a small income with criminal activity rather than an honest, if perhaps uncomfortable job. People also prefer jobs they think they can have fun with to jobs where they actually have to put a honest days work.

    We see this with the Madoff case, where it is better to be rich and work at a dishonorable profession than honorable and not so well off. Why would Madoff, or his criminal kids, be more respected than a person who is on time and does a good job at McDonalds?

    • The reason is that rich people are seen as doing something "Right", regardless how wrong or immoral or illegal it is.

      Poor people are seen as stupid, "Wrong", and somehow a messed up life, no matter how simple and honourable they may truly be.

      • The reason is that rich people are seen as doing something "Right", regardless how wrong or immoral or illegal it is.

        Maybe where you live, not where I do. A rich fuckwit is still a fuckwit.

  • by dmomo ( 256005 ) on Tuesday January 06, 2009 @09:55PM (#26352847)

    This is speculation, but my (big fat) gut tells me that while this might be true in general, there's probably at least one person at the top of a major phishing scheme making decent money.

    Sure, the peons (as in any industry) who do the actual labor get paid crud, my guess is that Upper Management does just fine. Sure, unskilled labor gets the market rate for such.

  • by hodet ( 620484 ) on Wednesday January 07, 2009 @11:58AM (#26359209)
    Poor phishers

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...