Slashdot Mirror


Phishing In The Channel

Rick Zeman writes "A Washington Post story details the relationships between phishers, IRC, plug-and-play phishing toolkits, and phantom web sites. 'For the past few months we've started to see phishing attacks from subcontractors, people who buy and use ready-made phishing toolkits and e-mail lists,' Orad said. 'It's gotten to the point where you don't need to know anything about spamming or computer programming to pull this off.'"

10 of 199 comments

  1. Great by Anonymous Coward · · Score: 5, Funny

    Now we have phishkiddies

    1. Re:Great by Have Blue · · Score: 4, Funny

      That just sounds like people who hit Page Up way too much.

  2. So what you are saying is: by Neil Blender · · Score: 5, Funny

    Now people who know nothing about ripping people off can rip off people who know nothing about being ripped off.

  3. Dear Ebay/PayPal user by x.Draino.x · · Score: 4, Funny

    There was a system crash this month. You may have noticed our system has been running slowly. If you are receiving this email, we have lost some of the information for your account. Please click on the following link and fill in all of your information to make sure your account does not get suspended. We appreciate your time, and sorry for the trouble. Click here to fill in your info! Your friends, at Ebay/PayPal.

    1. Re:Dear Ebay/PayPal user by lordkuri · · Score: 4, Funny

      xxx.edu

      pr0n college??? such a thing exists??? DAMMIT!

  4. IRC? by Anonymous Coward · · Score: 4, Insightful

    IRC is like a communication medium, it's irrelevant in this discussion. As irrelevant as telephones being 'used' by thieves to communicate. Holding IRC responsible is pointless.

  5. Prevention starts at home by teiresias · · Score: 5, Informative

    While it has become easier for phishers (and now apparently nonphishers) to prey upon mom and pop internet surfer, it still comes down to personal security. Mom and pop internet surfer won't give their ATM pin or their credit card number to a guy on the street but for some reason, the authority of the Internet removes those safeguards.

    Next time you see your parents or someone who is a likely phishing candidate, please, don't roll your eyes. Warn them and try to explain the difference.

    --
    -Teiresias

    1. Re:Prevention starts at home by Billly Gates · · Score: 5, Informative

      Phishing works in numerous ways like creating fake websites like www.payypal.com which is a close replica of PayPal to trick mom and pop.

      Also many malware type apps which install themselves through javascript exploits may install a keyboard logger, or even change the address bar when a user types "www.amazon.com". IE will display the correct URL but will go to a hacked copy of the site while the user is unaware.

      Also most stolen credit cards are from legitimate businesses which their minimum wage employees steal and post to the net for profit. I used to work at Staples and a former supervisor was caught doing this with over 50 credit card holders.

      Last, it's not the user who compromises but rather the merchant who compromises. IIS is the default most popular web software for corporate America and ecommerce sites. A hacker who can infiltrate a database with thousands of email addresses and credit numbers has a potential gold mine.

      It's more complex than just protecting yourself.

      The internet today is getting worse and worse and is turning into the wild west. It's a dangerous place where new PCs can get infected within 3 to 4 minutes, billions of spams go out each day, to phishing.

      I was reading an older story here about the google archive of usenet including the first spam and how everyone was so shocked the internet could turn into a profit making scheme. Boy, the old internet users had no idea what was coming.

  6. Has anyone seen alternate character domains? by suso · · Score: 5, Insightful

    I have been wondering when I would start to see these alternate character set domain names that you can get now play a role in this. You know, like someone registers cnn.com, but the c is not the Latin character set c but one from another character set. Or something that almost looks like a c.

    Then, without even hacking DNS, you can simply make someone or a group of people think that they are on cnn.com when they are really not. This could be used for things like fake news reports, etc. that make people panic.

    Has anyone seen anything like this yet?

    1. Re:Has anyone seen alternate character domains? by Richard W.M. Jones · · Score: 4, Insightful

      Browsers could be modified to highlight characters outside the usual 7 bit ASCII range. For example, those characters could be displayed in red, or in reverse video.

      In fact, this would make sense right now. A heuristic could be used to highlight the '1' in paypa1.com.

      Rich.
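
The two highlighting rules discussed in comment 6 and its reply (mark anything outside 7-bit ASCII, and mark a look-alike such as the '1' in paypa1.com), as an added example that is not part of the original thread. The confusables map, the `KNOWN_SITES` list and the function names are assumptions made for the demo, and the input is assumed to be the registrable domain only.

```javascript
// Added example: CONFUSABLE is a small constructed sample, not a complete
// Unicode confusables table; KNOWN_SITES is a hypothetical protected-name list.
const CONFUSABLE = new Map([
  ['1', 'l'], ['0', 'o'],                            // ASCII digits that resemble letters
  ['\u0441', 'c'], ['\u0430', 'a'], ['\u0435', 'e'], // Cyrillic es, a, ie
  ['\u043e', 'o'], ['\u0440', 'p'],                  // Cyrillic o, er
]);
const KNOWN_SITES = ['paypal.com', 'cnn.com', 'amazon.com'];

function inspectHostname(host, known = KNOWN_SITES) {
  const chars = Array.from(host.toLowerCase()); // split by code point
  const flagged = [];

  // Rule 1: every character outside 7-bit ASCII is highlighted.
  chars.forEach((ch, index) => {
    if (ch.codePointAt(0) > 0x7f) flagged.push({ index, ch, reason: 'non-ascii' });
  });

  // Rule 2: fold look-alikes to Latin letters. If the folded name is a known
  // site but the typed name is not, highlight the ASCII stand-ins as well.
  const skeleton = chars.map((ch) => CONFUSABLE.get(ch) ?? ch).join('');
  let imitates = null;
  if (skeleton !== chars.join('') && known.includes(skeleton)) {
    imitates = skeleton;
    chars.forEach((ch, index) => {
      if (CONFUSABLE.has(ch) && ch.codePointAt(0) <= 0x7f) {
        flagged.push({ index, ch, reason: 'lookalike' });
      }
    });
  }
  flagged.sort((a, b) => a.index - b.index);
  return { imitates, flagged };
}

// Text stand-in for red or reverse video: wrap flagged characters in brackets.
function render(host) {
  const marked = new Set(inspectHostname(host).flagged.map((f) => f.index));
  return Array.from(host.toLowerCase())
    .map((ch, i) => (marked.has(i) ? `[${ch}]` : ch))
    .join('');
}
```

A doubled-letter name such as the www.payypal.com mentioned in comment 5 passes both rules unmarked; catching that kind of name needs an edit-distance comparison against the known list.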