Two student from Indiana University recently performed an experiment to determine the vulnerability of their fellow students to phishing attempts. Using information gleened from the public internet, they forged sender information, sending out lures that directed recipients to username/password entry pages.
While the report did not outline the results of the study, one things was proven – college students don’t get phishing and fraud, and they are big whiners.
Many of the students who received the experimental phishing lures, as well as those who were used for forging sender information, complained that they were subjected to the experiment without disclosure, or their consent. What these students don’t get is that phishers often use many of the same techniques to steal money and identification data.
The IU students quoted expressed their discontent – they were upset. I say they are going to be a hell of a lot more upset when some fraudster steals their bank account information, and drains that account along with their credit rating. Then they will have something to piss and moan about.