How the Phishing Biz Works

← Back to Stories (view on slashdot.org)

Posted by Zonk on Monday June 20, 2005 @12:43AM from the sad-state-of-affairs dept.

Carl Bialik from the WSJ writes "Christopher Abad has spent much of the past six months 'stalking the phisher underground,' Lee Gomes writes in the Wall Street Journal. 'The typical phisher, he discovered, isn't a movie-style villain but a Romanian teenager, albeit one who belongs to a social and economic infrastructure that is both remarkably sophisticated and utterly ragtag. If, in the early days, phishing scams were one-person operations, they have since become so complicated that, just as with medicine or law, the labor has become specialized.' For instance, a phisher in Romania who successfully scores account information for someone in the U.S. may go on IRC to seek out a 'casher' to withdraw money from the target's account, and send a cut back to the phisher."

6 of 321 comments (clear)

Min score:

Reason:

Sort:

Almost as informative... by sandstorming · 2005-06-20 00:50 · Score: 5, Informative

But not as prettyful as... This Technology

--
http://www.sandstorming.com
Just Received My First Phishing Email by ras_b · 2005-06-20 01:09 · Score: 3, Informative

Maybe you guys are getting these all the time, but i don't email much and just received my first phishing email. I never read or open anything if it looks even remotely sketchy, but this one was pretty good. i believed it for a few seconds, until i logged in to paypal through a separate browser and verified no changes had been made to my account. I then forwarded the email to spoof@paypal.com as paypal requests. they wrote back to verify that the email was a scam. Another giveaway was that every link in the email, including the phony email address, had the following url behind them (i never clicked it- don't know whats there): h t t p ://linux.fal.pt/fundicao/img/cmd/index.html

original message (i added spaces to urls so they wouldn't be links):

From : PayPal Inc.
Sent : Tuesday, June 14, 2005 3:58 PM
To : my_email@hotmail.com
Subject : Unauthorized Access: (Routing Code: P101-K001-Q-P090)

You have added funstuff12@aol.com as a new email address for your
PayPal account.

If you did not authorize this change or if you need assistance with
your account, please contact PayPal customer service at:

h ttps://www.paypal.com/cgi-bin/webscr?cmd=_login-ru n

Thank you for using PayPal!
The PayPal Team

Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your PayPal account and choose the
"Help" link in the header of any page.

PROTECT YOUR PASSWORD

NEVER give your password to anyone and ONLY log in at
h ttps://www.paypal.com/.Protect yourself against fraudulent websites
by opening a new web browser (e.g. Internet Explorer or Netscape) and typing
in the PayPal URL every time you log in to your account.

PayPal Email ID PP1507
Beats this article by far... by CABAN · 2005-06-20 01:12 · Score: 4, Informative

You should know your enemy. http://honeynet.org/papers/phishing/
Lots of easy ways to solve this... by hacker · 2005-06-20 02:07 · Score: 4, Informative
There are some very simple ways to solve this, en-masse...
1. Set up a milter that calls HTML::Strip to strip out all HTML from email. I don't want my webpages on port 25, just like I don't want my email on port 80. Users don't know or care anyway, set it up at the MTA side and they'll get clean emails.
2. Use a real MUA, like pine, mutt or other that allows you to see the actual content of the message, not its abstracted "rendered" equivalent. I simply hit 'h' in pine, and can see the resulting link that the phisher is trying to send me to... if it doesn't match the anchor tag, it gets deleted (and forwarded to spam-$USER, see dspam below).
3. Don't run Windows. Nothing need more be said here. When the same ActiveX control is used by Exchange to "render" email into your mailbox as MSIE to "render" maliscious HTML to your browser, you should be concerned.
4. Install and configure dspam. Problem solved after only a few phish emails come through. Simply send them back to your internal spam-$USER address and you'll never see them again, including future ones that are similar. If you want to see them again, go into the web interface and send them to your mail, which will automagically re-score them lower so they get through. My users and I haven't seen a single spam get through to any of our mailboxes in MONTHS, not a single one. Beats the pants off of anything else out there that I've used.
5. Education. Teach your users that they should never respond or click URLs in email, ever, period. Show them that PayPal and eBay and other companies never ask you to log back in to verify any personal information. Show them how these systems work, and reinforce it all the time by asking them questions about it. Drill it into them.
Re:I've always thought by UnknowingFool · 2005-06-20 04:13 · Score: 3, Informative

When you get a phishing email, report it to some kind of website, once it gets verified as a phishing website, you can kind of just DDOS it.
Unfortunately the problem with this approach is the collateral damage if the scam artists do not use their own machines to host the scam. The ISP or host company gets pummelled and if they didn't know anything about the scam, they're innocent bystanders.

--
Well, there's spam egg sausage and spam, that's not got much spam in it.
How the WebLoyalty scam really works by Animats · 2005-06-20 05:55 · Score: 4, Informative
Now, a patented phishing scam! The CEO of WebLoyalty, Vincent D'Agostino, has two patents on the technology, both titled "Method and system for cross-marketing products and services over a distributed communication network".
Here's the WebLoyalty online demo.. This is triggered after checkout from some other store. All the customer provides is an E-mail address, or at least a click on the big red button below the E-mail address form. Their credit card information is taken automatically from the previous transaction.

The key to WebLoyalty is that it's embedded in VirtualCart, a popular shopping cart program, and is on by default. It's quite possible for a merchant to be serving the WebLoyalty scam without even being aware of it. The merchant can't even turn it off directly. From the VirtualCart WebLoyalty FAQ:
- Q. How can webloyalty.com afford to offer Special Rewards and not get paid?
- A. webloyalty.com ultimately generates its revenue from the customer. Each customer who claims the Special Reward is offered the chance to join a discount shopping and protection service (Reservation Rewards), discount travel service (Travel Values Plus), shopping protection service (Buyer Assurance), or credit card and identity protection service (Wallet Shield). Although there is never an obligation for the customer to continue after the 30-day free trial, many customers choose to continue a service for its valuable benefits. This subset of consumers provides revenue to webloyalty.com.
- Q. Why allow the customer the opportunity to transfer his information as opposed to re-entering it?
- A. We believe the customer is always right. And after chatting with hundreds of customers, we heard one thing loud and clear... they want convenience. Most consumers believe allowing them to transfer their personal and financial information with their express permission is much more convenient than re-entering it. Just ask Amazon.com's customers!
- Q. How do I opt-out of this program?
- A. Send us an e-mail to support@vcart.com with your cart ID and we will be more than happy to review your account for removal from this program. virtualCART reserves the right to require all merchants to participate in the program.
And there you have it, the world's most successful phishing scam, run by a Harvard MBA.

If you need to sue those guys, look them up at the Secretary of State of Connecticut , web site, which has their real address and the names and addresses of the corporate officers. Their actual business name is "WebLoyalty.com, Inc."