Slashdot Mirror


Cybercriminals Create 57,000 Fake Sites Each Week

wiredmikey writes "In a recent investigation, it was discovered that cybercriminals are creating 57,000 new 'fake' websites each week looking to imitate and exploit approximately 375 high-profile brands. eBay and Western Union were the most targeted brands, making up 44 percent of exploited brands discovered. Visa, Amazon, Bank of America and PayPal were also heavily targeted by cybercriminals. Banks comprise the majority of fake websites by far with 65 percent of the total. Online stores and auction sites came in at 27 percent, with eBay taking the spot as the No. 1 most targeted brand on the Web today."

12 of 77 comments

  1. Sure... by mathmatt · · Score: 2, Funny

    Yeah but most of them just link to http://www.youtube.com/watch?v=oHg5SJYRHA0

    1. Re:Sure... by interkin3tic · · Score: 2

      Is there a way someone could flood these websites with fake credit card numbers that when the scammers try to buy something with it, they get rickrolled? Like Mr. Douchebag scammer takes his girlfriend out for a nice steak dinner using a credit card he, er, downloaded or something from us, and then he goes to pay for it and the waiter swipes the card, and then the fancy music playing in the background screeches to a stop, and "Never gonna give you up" starts playing, and everyone laughs at him, and his girlfriend leaves with another dude...

      I'm not the most technically gifted person on slashdot, if someone else knows how to make this happen...

  2. Battle.net by ildon · · Score: 4, Informative

    I'm honestly surprised that battle.net or World of Warcraft didn't make the top 10. Anyone who's been targeted by their phishing mails is probably familiar with domain names like "battle-auth-blizzard.com"

    1. Re:Battle.net by cygnwolf · · Score: 3, Interesting

      I think the WoW ones that maybe work are the ones that say "Battle.Net account alert" or something to that effect, look kind of official and say things to the effect of 'Your account is under investigation for XYZ Reasons, if you want to contest these reasons, please visit your account page to contest this or else your account will be suspended,' and then have 'links' to 'account management' login pages that catch your e-mail. 'course, my account had been turned off for years before I got the first one like this, and I keep getting more and more of them. I just forward them all unread to hacks@blizzard.com. Ironically enough, I keep tripping Yahoo Mail's spam filter when I forward more than two or three a day and then they lock down my ability to send mail.

      --
      Free Pie! The Pie is Also Evil!
  3. Is someone working on fixing this? by kheldan · · Score: 3, Insightful

    I know that DNS vulnerabilities are being addressed finally. Wouldn't a good next step be to eliminate domain registrars that allow these sorts of sites to get created in the first place?

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  4. Snakes by CarpetShark · · Score: 4, Funny

    Slow down everyone. No one would argue that ASP.net sites aren't bad, but calling them criminal is a bit much.

  5. so sick of seeing by nimbius · · Score: 2, Insightful

    "articles" of this nature. When a company hawking a security product releases earth-shattering statistics for hackers and malware it is not research, or an investigation with any independent credibility. This is marketing fearmongering designed to get people to buy the product.

    --
    Good people go to bed earlier.
  6. sure... by damn_registrars · · Score: 4, Insightful

    Wouldn't a good next step be to eliminate domain registrars that allow these sorts of sites to get created in the first place?

    I agree whole-heartedly that something should be done about the crooked and complacent registrars. The problem is, who should take the action? The most logical step is ICANN, since they handle registrar accreditation, except they have shown repeatedly that they will not take any meaningful steps. And of course, ICANN only does accreditation for registrars of the largest TLDs (for now), so anything from another country's list of TLDs is beyond their jurisdiction (and soon pretty much everything will be beyond their jurisdiction).

    So if ICANN won't do it, who then should? It is pretty well impossible to take legal action against the registrars and expect anything meaningful to come of that, so unless you want to advocate vigilante justice you're just SOL.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  7. Poor security comes from early no security by magarity · · Score: 2, Interesting

    I always think of the recollections in Levy's "Hackers" when the early days' programmers at Berkeley and MIT would insist security was only for fascists and even balked at passwords for accounts. Computer security will probably never catch up because it was never a focus at the start. What's always among the first things now when making a new software package but how to segment permissions, etc, but that's always on a system whose underlying base has security issues. Sigh, dang hippies!

  8. Stupid, or otherwise concerned by CarpetShark · · Score: 3, Interesting

    The thing with social hacks, and a lot of things that script kiddies/hackers/maladjusted people do is... well, the "hackers" think of themselves as great for accomplishing this great feat of breaking into someone's property or outwitting them. It's like a kid jumping over a picket fence into someone's garden, and making a big deal because they broke through the guy's defenses. What they don't realise is that the guy with the picket fence has better things to do than mess up his front yard building impenetrable defenses, just to protect against the slight chance that you might mess up their grass. The average person just doesn't care about security, the way IT pros do. And in most cases, that's a fairly sane way to prioritise. This is only a problem in two ways:

    * banks, e-commerce, and a few other kinds of site with sensitive data have a responsibility to protect confidential information. In this case, the site operators need to step up their game, but they usually know that.

    * insignificant servers can be used to launch attacks on sites/systems that matter. But that's more of a problem for IT pros, not the insignificant sites.

  9. Re:You can thank your favorite registrars there... by Phrogman · · Score: 2, Insightful

    Which is why some Government agency and not ICANN should be administering the domain names, or at the least some governing body with members posted from each of the major nations on the net or something.

    --
    "The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
  10. Re:You can thank your favorite registrars there... by John Hasler · · Score: 2, Insightful

    Because there is no chance at all that government would misuse control of DNS...

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.