In the light of OpenSea (alleged) phishing campaign, how large is the problem, how responsibility should be divided and what can we do to fix phishing?
I do not know any studies on it, but I would guess phishing has become more of a problem recently.
- Globalisation and free trade, as you always end up importing a bit of crime
- Internet and online services kill brick and mortar, less in-person trade
- Geopolitics, China and Russia do not need to play nice with West
Bank fraud seems to be GBP 700M in the UK. Fraud COVID relief loans were 4.5B.
- First party phishing: someone pretends to be your bank and tricks you to give access to your full bank account
- Third-party phishing: someone pretends to be Amazon/Shopify/etc. and tricks you buy something on a fake website
And oh boy banks do fail.
You give your bank account access to someone else. Then this someone uses your access details and takes your money
If banks get your deposits on the premise they safeguard your money and break this promise, it's false advertising.
So if you lose more than $20,000 an international lawyer starts making sense.
We have still tech mileage left and cannot go to full victim-blaming mode yet.
The problem is that Solidity devs or security experts often do not look the wider picture of the security.
If you are #Ethereum dev please read this. ethresear.ch/t/simple-phish…
This is the "don't click EXEs" advice. Most of the users would be better off without Microsoft Windows.