Tag Archives: phishing

The biology of phishing

Some nefarious group recently made a phishing attempt against me, trying to lure me into providing bank account information in response to an Official Looking email.

Presumably, the combination of spam filters and alert consumers means phishing has a very, very low success rate.  Fortunately for criminals, email has virtually no incremental cost: you can send a million phishing messages almost as easily as you can send a thousand, or ten.  In contrast, con men can only be in one place at a time, and probably need to invest a lot of time per victim, so they need a much much higher success rate.

That brought to mind r/K selection theory, from biology:

– in r-type reproduction, creatures create zillions of offspring.  In stable ecosystems, almost all the offspring will die before reproducing, giving a (near-infinite offspring x near-zero success rate) arrangement.  Examples include insects, fish, and dandelions.  By analogy, phishing would fit this category.

– in K-type reproduction, creatures create few offspring, but the survival rate is much higher.  Basically, it’s a (near-zero offspring x near-100% success rate) type arrangement.  Examples include bears, elephants and whales.  By analogy, con men would fit here.

And this got me wondering how businesses look, when viewed through the r/K lens.  (It also got me sending emails to the local university asking if any researchers have been looking at this topic; we’ll see if anything pops up.  :)  )

By and large, virtual goods seemed to follow r-type behaviour, and physical goods, K-type.

Continue reading