How Phishers Think, Act, and Make a Profit

← Back to Stories (view on slashdot.org)

How Phishers Think, Act, and Make a Profit

Posted by timothy on Thursday August 7, 2008 @01:29PM from the good-laugh-at-your-expense dept.

whitehartstag writes with a write up of "the excellent session at Black Hat that detailed 'how phishers create sites, share info and code, and basically are lazy.' They store their stolen data 'on websites that they have hacked into, or on [publically available] sites like guestbooks. And even worse, they are not protecting their stolen data ... which means that all one needs to do to find this info is to reverse engineer a real phisher's website, look at their PHP script, and find out where they are storing the data.'"

7 of 133 comments (clear)

Re:How is this useful for law-abiding citizens? by urcreepyneighbor · 2008-08-07 13:47 · Score: 5, Informative

I wish the article had good suggestions for how to prevent phishing attacks.
Super secret information! Don't share with anyone! Majestic Clearance only!

--
"The fight for freedom has only just begun." - Geert Wilders
Hey! by Vectronic · 2008-08-07 13:52 · Score: 5, Funny

"...[Phishers] basically are lazy"
I'm lazy, maybe I could be a phisher king...
"...all one needs to do to find this info is to reverse engineer a real phisher's website, look at their PHP script..."
Shit, I instrinsically fail.
Re:How is this useful for law-abiding citizens? by davester666 · 2008-08-07 14:00 · Score: 5, Interesting

Offhand, the only 'good' thing you could do would be to hoop the database. If it's poorly secured, you could get it to delete all the current records. If it's more secure, you could fill it with slightly bogus data [like real names and addresses, but phony credit card numbers.
This could result in:
-fills up the drive on the computer it's stored on, which would at least temporarily halt more stupid people from adding their data to it
-make it difficult to filter out good entries from bad. The data is kind of correct, they might have to actually pass it to the credit card company to actually check if it's good or not
-if they can't filter out the bad entries, it makes using the database to do 'bulk' transactions easier for the credit card companies to notice [assuming they put much effort into it instead of just passing the cost onto merchants] as it happens, instead of 30 days later when people complain.

--
Sleep your way to a whiter smile...date a dentist!
Re:Hmm by Eudial · 2008-08-07 14:13 · Score: 5, Funny

The next logical step would be hackers hacking hacker-hacking hackers.

--
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Old Hat by Pandare · 2008-08-07 14:18 · Score: 5, Funny

This article is an old Trope. In fact, Confucius once said: "Give a man a fish, he eats once. Teach a man to phish and he gets a post in /."
How to prevent phising attacks. by Anonymous Coward · 2008-08-07 14:35 · Score: 5, Insightful

Engage brain before clicking.
Re:One time... by Anonymous Coward · 2008-08-07 15:52 · Score: 5, Funny

"even who-is'd him for them in the e-mail (it appeared to be an Indian name).... I called the number on the ad... He had a thick Indian accent. Same guy? Coincidence?"
No way that was a coincidence. I mean, how many Indians are there?