Slashdot Mirror

← Back to Stories (view on slashdot.org)

Phishing Group Caught Stealing From Other Phishers

Posted by samzenpus on from the what's-good-for-the-goose dept.

An anonymous reader writes "Netcraft has written about a website offering free phishing kits with one ironic twist — they all contain backdoors to steal stolen credentials from the fraudsters that deploy them. Deliberately deceptive code inside the kits means that script kiddies are unlikely to realize that any captured credit card numbers also end up getting sent to the people who made the phishing kits. The same group was also responsible for another backdoored phishing kit used against Bank of America earlier this month."

6 of 129 comments (clear)

  1. Re:How times have changed: you can't trust.....wai by v1 · · Score: 4, Insightful

    they aren't really feeding off each other, just more off YOU. Both thieves get a crack at your cc#. Would you rather have rung up $4000 on your card, or $8000?

    --
    I work for the Department of Redundancy Department.
  2. Nuke the phishers by enoz · · Score: 4, Insightful

    What is stopping a law enforcement agency from putting out a 'phishing' kit that actually phished the phishers?

    It reminds me of the ol' days on instant messaging when people would pass around a supposed 'Nuke' program that would allow them to reboot people's computers, only to discover that their own computer crashed soon after.

  3. Re:How times have changed: you can't trust.....wai by GroeFaZ · · Score: 3, Insightful

    Problem is, they're not feeding on each other; the feeding order is not circular, but rather pyramidal. The smart and resourceful ones get even richer through the bottom-feeders' "work".

    --
    The grass is always greener on the other side of the light cone.
  4. Re:How times have changed: you can't trust.....wai by bhmit1 · · Score: 4, Insightful

    But seriously, this is good news! It is always good news (for law-abiding people) when crooks start feeding off each other.
    This would only be a good thing if phishers were stealing the account information of other phishers. But since they are just spreading your number to more phishers, your best hope is that competing phishers raise the fraud alert on your credit cards faster (credit card companies look for unusual purchases, and placing multiple orders in stores on opposite sides of the country at the same time is a pretty easy flag for them).

    Personally, I still want to see financial institutions implement a system where you can get trojan account numbers to give to the phishers that appear just like real numbers. If the phisher uses them, immediately the institution knows to look for fraudulent activity from that source. Then everyone receiving this spam can provide so many bad account numbers that phishing is very difficult to do without drawing attention to yourself.
  5. This isn't the same... by TheGreatHegemon · · Score: 3, Insightful

    In the old days, if thieves stole from thieves, it meant the first thief was deprived of the stolen goods. This lead to conflict. However, with information like this, all it means is that *two* thieves have the same info.

  6. Re:How times have changed: you can't trust.....wai by skarphace · · Score: 2, Insightful

    For what it's worth, I have found a way to never have my credit card info stolen - I use cash. For you conspiracy minded people out there, my purchases are not trackable. Even better, the amount of debt I have is $0 which comes out to $0 per month in interest with a grand total of $0 per year.
    That doesn't keep ID theft from happening. Someone gets your SSN and opens up an account in your name, you're screwed anyway.

    Just do what I did, open up a bunch of cards, bury yourself, get bad credit. You can't open up accounts if your credit sucks. heh
    --
    Bullish Machine Tzar