After my latest round of supposed anti-fraud notices claiming to be from banks with which I don’t have any accounts, it occurred to me that phishing, 419 scams, email spam, blog spam, etc. are all scattershot approaches. They seem so obvious to those of us who are used to seeing them. It seems unthinkable that someone would fall for a phishing attempt that identifies itself as someone else’s bank, or buy pharmaceuticals from someone who can’t spell d.Ruugz. But they’re not intended for us. We’re just collateral damage.
Direct marketing often makes at least an effort to aim, because paper and postage cost money. That’s why businesses and charities will mainly share/sell their mailing lists among similar organizations, and not some random list of people. In this way, direct marketing is like riflery: you want each shot to be as accurate as possible.
Email, however, is cheap, and most spammers are using someone else’s resources to send out the mail anyway. It’s long been pointed out that they don’t care if 99% of their messages get lost in the ether. They only need a fraction of their list to respond. It’s like using a machine gun: you don’t have to aim, just spray the general area and at least one bullet is likely to hit your target.
So phishers don’t have to match their pitches to each recipient’s bank. If they plaster the net with messages claiming to be from Chase, it doesn’t matter if most of their messages hit Wells Fargo customers. Statistically speaking, some of the recipients will have Chase accounts, and some of them will be fooled, and that’s all they need to collect their virtual loot.
And the rest of us? Bystanders caught in the drive-by.