How Phishers Think, Act, and Make a Profit 133
whitehartstag writes with a write up of "the excellent session at Black Hat that detailed 'how phishers create sites, share info and code, and basically are lazy.' They store their stolen data 'on websites that they have hacked into, or on [publically available] sites like guestbooks. And even worse, they are not protecting their stolen data ... which means that all one needs to do to find this info is to reverse engineer a real phisher's website, look at their PHP script, and find out where they are storing the data.'"
Re:How is this useful for law-abiding citizens? (Score:5, Insightful)
Re:How is this useful for law-abiding citizens? (Score:4, Insightful)
How to prevent phising attacks. (Score:5, Insightful)
Engage brain before clicking.
The Perfect Crime (Score:3, Insightful)
Idiots fooling around do all the dirty work, and the serious crooks just snatch all their work without them even knowing it.
I am guessing phishing is risky. I am guessing that only phishing can gather information in such a large scale. If this is true, then while the idiots are getting caught, the really smart people and gaining a ton of really useful information as we speak.
If this is the case, I would be *very* worried.
Re:How is this useful for law-abiding citizens? (Score:5, Insightful)
legality is an issue - why should *you* make the judgement on whether that data is in fact stolen - perhaps that data has been placed their by banking regulators/NHTCU using 'honeypot' card numbers so that tracing can occur to recover funds.
A well known Scottish bank (that I used to work at) were well known for chasing money launderers who have (ab)used their systems to the ends of the earth - often spending more than the consequential fraud loss to do so. In the old days, they used to use marked cheques - nowadays they have hotscan products that will trace payments to affiliated payment networks across international borders.
Yeah, breaking into phishing sites is a lot of fun, but before you "drop table", think about your actions and whether you are breaking the computer misuse act (UK) [opsi.gov.uk] or the Police and Justice Act (Scotland) [opsi.gov.uk] or indeed any law from the host nation.
The Gary MacKinnon [wikipedia.org] case has shown that a rather underrated cracker (poking around with Term Services looking for blank passwds -- for FS!) can cause an extradition to a foreign country well known for its human rights abuses - is just shocking.
Re:How is this useful for law-abiding citizens? (Score:4, Insightful)
Remember illegal access to a computer is illegal, but anyone running a database full of stolen credit card numbers is probably not going to call the cops on you, especially since to prove you access the system they'd have to keep it pretty much intact.
There is however a marginal risk that the legitimate owner of the system would notice you instead of the phisher. And call the relevant authorities on you. Which might prove uncomfortable.