Spies In the Phishing Underground

An anonymous reader sends us to Net-Security.org for an interview with security researchers Nitesh Dhanjani and Billy Rios, who recently managed to infiltrate the phishing underground. What started as a simple examination of phishing sites turned into an extraordinary tour through the ecosystem that supports the business of phishing. In the interview they expose the tactics and tools that phishers use, illustrate what happens when your confidential information gets stolen, and discuss how phishers communicate and how they phish each other.

Weak article

[plover]

Not a lot of new information there.

To summarize:

• Phishers have forums where they trade with other phishers.
• Most phishers are script kiddies. Phishing is usually done with pre-made phishing kits. The phisher plugs in their email address and uploads it to a compromised server.
• The phishing kits are riddled with backdoors, where the original kit author does stuff like send copies of the victims data to their own email address.
• Anti-phishing browser plugins lead to a ready-made list of compromised servers. Hackers know that any server on the list is hackable.

Six pages? I was hoping for at least the transcript of a chat with a phisher.