Phishing, smishing, and other means of attack via email are getting more sophisticated and clever, but as a general comment, it's more targeted toward Enterprise. You know this Bill_Bright, in fact, you've taken a very dim view of Enterprise behaviors in one of your past posts and with extremely good reason.
Sorry, but I don't agree with any of this either. First, the fact "one" of my past posts was critical of enterprise behaviors IN NO WAY means I believe that type of behavior is any better or worse of a behavior, or a bigger target than any other type of target.
As far as "socially engineered" methods of distribution (phishing or otherwise tricking people to click on this or that), I don't believe enterprises are specifically targeted there either. You are suggesting bad guys are categorizing email addresses into enterprise and personal. That is, sorting by domain names. No way. They are too lazy for that.
They are just building, sharing and buying lists of compromised and/or mined collections of email addresses and mass mailing 1000s (millions!) of spam messages to those lists in the hopes a few will take the bait.
A home user would have to be either really distracted or naive, indulge in some pretty shady behavior
Not sure this is fair - even if true. All users, even you, plat, were newbies once, and thus naïve at one point or another. Some who have been around awhile seem to forget that. Others, sadly, are so arrogant, they assume they are smarter than the bad guys and could never be tricked. That's being naïve, as well as arrogant. And then there are those, such as typical "invincible" teenagers who are convinced, "it will never happen to me."
I have seen some extremely sophisticated email scams, with totally professional and legitimate "looking" emails coming my way. Some for Chase and US Banks, as examples, were so convincing, I might have clicked on them myself except for the fact I don't have accounts at either bank! So big red flags there for me. One even had my real name in it. The other said "Dear Customer" so that was another red flag. My point is, I've been actively involved in IS/IT security for decades as part of my professional career. I know what to look for because I am not a "normal" user. And yet, even to me, those were very convincing.
What is needed is more education.
Fortunately there are others like sowhat who aren't afraid to ask questions.
