Most of us have received emails asking us to click on a link and confirm our account information by typing in our personal financial information such as a credit card account number. Later we find out that we’ve been scammed and that our information was used so that someone else could rack up hundreds of dollars in purchases, maybe even thousands of dollars.
Our immediate thought is that we hope they catch the criminals who have now enjoyed a spending spree at our expense. We picture the police breaking down the doors of these criminals’ homes, catching them while they enjoy their fraudulently purchased electronic gear or perhaps while they are out enjoying some fine dining at an upscale restaurant that we would never spend money on for ourselves.
The truth of the matter is that most phishers are not living lifestyles of the rich and famous: they are not dining on lobster tails, nor are they watching March Madness from arena box seats and spending hundreds of dollars on pricey meals each day.
Microsoft Research released a study that concluded that phishers make very little money: ‘…low-skill jobs pay like low-skill jobs, whether the activity is legal or not.’ Their study also concluded that the Gartner numbers that everyone quotes ($3.2B/year, etc.) are inaccurate and off by a factor of 50. Although phishing seemingly earns huge sums of money for the phishers, the result is that their total net is equal to their total expenses. If the participants were to work at legitimate jobs, they would find that they make just as much as they do through their phishing efforts. They would probably be better off after they factor in health benefits through their employer. Based on the study, it sounds like the benefits of phishing have reached a plateau and have themselves fallen victim to the Law of Diminishing Returns: phishers have increased their total phishing efforts while their total phishing revenue has declined. The whole of the phishers’ efforts is no longer greater than the sum of their individual efforts. So, try as they might, they are no longer able to increase their successes. That’s good news for us.
While many of you have fallen or will fall victim to email phishing scams and are, or will be, rightfully upset, you can at least take some satisfaction in knowing that the phishers are not getting ahead financially and most are probably losing traction. At the very least, they will eventually be caught and spend some time in jail somewhere, somehow.