How Phishers Think, Act, and Make a Profit

whitehartstag writes with a write up of "the excellent session at Black Hat that detailed 'how phishers create sites, share info and code, and basically are lazy.' They store their stolen data 'on websites that they have hacked into, or on [publically available] sites like guestbooks. And even worse, they are not protecting their stolen data ... which means that all one needs to do to find this info is to reverse engineer a real phisher's website, look at their PHP script, and find out where they are storing the data.'"

Re:How is this useful for law-abiding citizens?

[LostCluster]

Isn't that the reason they call it "Black Hat" instead of "White Hat"?

How to prevent phising attacks.

Engage brain before clicking.

Re:How is this useful for law-abiding citizens?

[rapiddescent]

legality is an issue - why should *you* make the judgement on whether that data is in fact stolen - perhaps that data has been placed their by banking regulators/NHTCU using 'honeypot' card numbers so that tracing can occur to recover funds.

A well known Scottish bank (that I used to work at) were well known for chasing money launderers who have (ab)used their systems to the ends of the earth - often spending more than the consequential fraud loss to do so. In the old days, they used to use marked cheques - nowadays they have hotscan products that will trace payments to affiliated payment networks across international borders.

Yeah, breaking into phishing sites is a lot of fun, but before you "drop table", think about your actions and whether you are breaking the computer misuse act (UK) or the Police and Justice Act (Scotland) or indeed any law from the host nation.

The Gary MacKinnon case has shown that a rather underrated cracker (poking around with Term Services looking for blank passwds -- for FS!) can cause an extradition to a foreign country well known for its human rights abuses - is just shocking.