Slashdot Mirror


How Phishers Think, Act, and Make a Profit

whitehartstag writes with a write up of "the excellent session at Black Hat that detailed 'how phishers create sites, share info and code, and basically are lazy.' They store their stolen data 'on websites that they have hacked into, or on [publicly available] sites like guestbooks. And even worse, they are not protecting their stolen data ... which means that all one needs to do to find this info is to reverse engineer a real phisher's website, look at their PHP script, and find out where they are storing the data.'"

6 of 133 comments

  1. Re:How is this useful for law-abiding citizens? by LostCluster · · Score: 4, Insightful

    Isn't that the reason they call it "Black Hat" instead of "White Hat"?

  2. Re:How is this useful for law-abiding citizens? by teh+moges · · Score: 3, Insightful

    This article isn't about that, it's about how they think. The information it does have, while brief, is exactly the type of information that I was expecting when I clicked the link.

  3. How to prevent phishing attacks. by Anonymous Coward · · Score: 5, Insightful

    Engage brain before clicking.

  4. The Perfect Crime by v(*_*)vvvv · · Score: 2, Insightful

    Idiots fooling around do all the dirty work, and the serious crooks just snatch all their work without them even knowing it.

    I am guessing phishing is risky. I am guessing that only phishing can gather information on such a large scale. If this is true, then while the idiots are getting caught, the really smart people are gaining a ton of really useful information as we speak.

    If this is the case, I would be *very* worried.

  5. Re:How is this useful for law-abiding citizens? by rapiddescent · · Score: 4, Insightful

    Legality is an issue - why should *you* make the judgement on whether that data is in fact stolen - perhaps that data has been placed there by banking regulators/NHTCU using 'honeypot' card numbers so that tracing can occur to recover funds.

    A well known Scottish bank (that I used to work at) were well known for chasing money launderers who have (ab)used their systems to the ends of the earth - often spending more than the consequential fraud loss to do so. In the old days, they used to use marked cheques - nowadays they have hotscan products that will trace payments to affiliated payment networks across international borders.

    Yeah, breaking into phishing sites is a lot of fun, but before you "drop table", think about your actions and whether you are breaking the Computer Misuse Act (UK) or the Police and Justice Act (Scotland) or indeed any law from the host nation.

    The Gary McKinnon case has shown that a rather underrated cracker (poking around with Term Services looking for blank passwds -- for FS!) can cause an extradition to a foreign country well known for its human rights abuses - is just shocking.

  6. Re:How is this useful for law-abiding citizens? by Fred_A · · Score: 3, Insightful

    Remember, illegal access to a computer is illegal, but anyone running a database full of stolen credit card numbers is probably not going to call the cops on you, especially since to prove you accessed the system they'd have to keep it pretty much intact.

    There is however a marginal risk that the legitimate owner of the system would notice you instead of the phisher. And call the relevant authorities on you. Which might prove uncomfortable.

    --

    May contain traces of nut.
    Made from the freshest electrons.