Phishing Group Caught Stealing From Other Phishers

An anonymous reader writes "Netcraft has written about a website offering free phishing kits with one ironic twist — they all contain backdoors to steal stolen credentials from the fraudsters that deploy them. Deliberately deceptive code inside the kits means that script kiddies are unlikely to realize that any captured credit card numbers also end up getting sent to the people who made the phishing kits. The same group was also responsible for another backdoored phishing kit used against Bank of America earlier this month."

Re:How times have changed: you can't trust.....wai

[v1]

they aren't really feeding off each other, just more off YOU. Both thieves get a crack at your cc#. Would you rather have rung up $4000 on your card, or $8000?

Nuke the phishers

[enoz]

What is stopping a law enforcement agency from putting out a 'phishing' kit that actually phished the phishers?

It reminds me of the ol' days on instant messaging when people would pass around a supposed 'Nuke' program that would allow them to reboot people's computers, only to discover that their own computer crashed soon after.

Re:How times have changed: you can't trust.....wai

[GroeFaZ]

Problem is, they're not feeding on each other; the feeding order is not circular, but rather pyramidal. The smart and resourceful ones get even richer through the bottom-feeders' "work".

Re:How times have changed: you can't trust.....wai

[bhmit1]

But seriously, this is good news! It is always good news (for law-abiding people) when crooks start feeding off each other.

This would only be a good thing if phishers were stealing the account information of other phishers. But since they are just spreading your number to more phishers, your best hope is that competing phishers raise the fraud alert on your credit cards faster (credit card companies look for unusual purchases, and placing multiple orders in stores on opposite sides of the country at the same time is a pretty easy flag for them).

Personally, I still want to see financial institutions implement a system where you can get trojan account numbers to give to the phishers that appear just like real numbers. If the phisher uses them, immediately the institution knows to look for fraudulent activity from that source. Then everyone receiving this spam can provide so many bad account numbers that phishing is very difficult to do without drawing attention to yourself.

This isn't the same...

[TheGreatHegemon]

In the old days, if thieves stole from thieves, it meant the first thief was deprived of the stolen goods. This lead to conflict. However, with information like this, all it means is that *two* thieves have the same info.

Re:How times have changed: you can't trust.....wai

[skarphace]

For what it's worth, I have found a way to never have my credit card info stolen - I use cash. For you conspiracy minded people out there, my purchases are not trackable. Even better, the amount of debt I have is $0 which comes out to $0 per month in interest with a grand total of $0 per year.

That doesn't keep ID theft from happening. Someone gets your SSN and opens up an account in your name, you're screwed anyway.

Just do what I did, open up a bunch of cards, bury yourself, get bad credit. You can't open up accounts if your credit sucks. heh