I don’t know about you but I get phishing attempts on a daily (seems like hourly at times) basis.  The phishing is in a couple of categories:

- Slick – these really look like the supposed company.  But then they fall on their face with a yahoo email address or oddball url for ‘click here’ to enter your info.

- Wordy – these are jam-packed emails from innocuous sounding senders with reasonable titles as well.  Maybe I do know a John Galway?  And he’s writing about the Patriots game (something I care about).  It’s only when you scroll down to the ’stop email’ link that you can clearly see it’s phishing.

- Pathetic – English is definitely not the first language of the sender.  Typically not one complete, correctly spelled and grammatically correct sentence.  Worse is the Asian character set email – complete jibberish.

- Million dollars – any number of swindles – African, Libyan, Middle East, orphan, cripple – you name it

So, given the bunch of junk that streams in continuously – does it work?

I have to believe everyone knows better about the Million Dollars; will ignore the Pathetic; realize the Wordy is junk.  Even the Slick should sound alarms once you realize the kind of information being provided (of course, it’s too late – just clicking put you on a spam list)

Now, then, who is accepting the phishing attempt?  I am guessing close to zero.

Then why keep sending them out?

It takes time to build a phishing list (or money to buy one).  Takes money and time to develop an email program that won’t get you cut off from your ISP.  If someone actually responds you have to do something smart (money and time) with the information to take advantage of it.

I wonder if the key is ‘close to zero’ acceptance and the laws of large numbers.  Assuming you got 0.0001% response of any kind it would be just a matter of time before you had a quantity of information to work with.

Still feels like a complete waste of time (and money).  Why not spend that much (time and money) on developing a neato iPhone or Droid app?