Monday, June 20, 2005

Phishing "Industry" Sophistication

WSJonline, via slashdot, reports on the increasingly sophisticated world of phishers.

They explain how various specialized job categories are working themselves out.

"Some might have access to computers around the world that have been hijacked, and can thus be used in connection with a phishing attack. Others might design realistic "scam pages," which are the actual emails that phishers send." Others, they say, act as "cashers" who take the stolen identity info and actually implement their techniques to turn the information into actual cash money, returning a cut to the person who provided them the stolen identity information.

Not surprisingly, a system of peer-review has been developed to help separate "trustworthy" cashers, from those who will take the money and run:

"Certain chat rooms are thus full of cashers looking for work. "I cash out," advertised "CCPower" last week on an IRC channel that had 80 other people logged onto it. "Msg me for deal. 65% your share."

The average nonphisher might wonder what would prevent a casher from simply taking the money and running. It turns out, says Mr. Abad, that phishers have a reputation-monitoring system much like eBay's. If you rip someone off, your rating goes down. Not only that, phishers post nasty notices about you on IRC. "Sox and Bagzy are rippers," warned a message posted last week."


Entrepreneurship and capitalism at it's finest....

No comments: