In the wake of the huge Epsilon data breach, we've all been warned to expect a wave of newly sophisticated "spear phishing" attacks. These will come from spammers who now (thanks to Epsilon) know our real names and email addresses and therefore can send messages from businesses we really deal with, asking us just to "confirm" a few details like account number and password.
A chilling sign of just how diabolically clever these new attacks might be appeared in the Gmail inbox this morning. Click for larger, if you think you can stand this exposure to pure evil genius:
The mastery of colloquial English! The exact replication of the tone and style of a real Google message! First Stuxnet, now this....
Hardee-har. I've mentioned before the puzzle of how incompetent, clueless, or lazy many spammers seem to be -- or how naive they assume recipients to be. ("Dear Friend! It is I, the former Director of the Central Bank of Gabon!") I know the old chestnut that while brilliant criminals make for great detective shows and thrillers, most criminals really aren't that bright. (Cf. the wonderful Dortmunder novels by the unbelievably gifted and prolific Donald Westlake, starting with Jimmy the Kid.)
Among the many reasons to wish that Westlake were still around is that he could do a novel about the masterminds who come up with phishing messages like the one I just received, or those from the Central Bank of Gabon -- and the people who decide to answer them. I hope someone is pursuing this idea.






