ROBERT SICILIANO, CEO of www.IDTheftSecurity.com, is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

Phishers Getting Smarter

Published: Apr 28, 2009

Identity Theft Expert

It wasn’t long ago that most phishing emails were from a supposed Nigerian General Matumbi Mabumboo Watumboo. And you and I were flattered that we were the chosen ones to help the general transfer 35 million out of the country, because the Nigerian government was a bunch of jerks and wouldn’t let him keep the inheritance his wife had inherited from her deceased uncle Bamboo.

I distinctly remember getting a Nigerian phishing email in 1994-ish, back when I had an AOL account, and actually calling my bank and asking them what their thoughts were and what I should do. I mean 10% of $35 million, which the scammer offered in exchange for my help transferring the funds, was quite a fee for nominal work. All I had to do was front 10 grand in a wire transfer to make it all happen. My bank thought my Nigerian general and I were both nuts, and really didn’t know what I should do.

We didn’t have a lot of data on 419 scams or affinity fraud back then, or at least we didn’t have reliable access to that data, so I relied on what my mom told me early on: if it sounds too good to be true, it probably isn’t. So I deleted the email. Then I began to see more and more emails from others in the same quandary as the general.

Times have changed dramatically.

Today, with low-cost delivery of email, billions of fraudulent emails are sent out every year. Any salesperson knows it’s a numbers game. With billions of emails, you’ll eventually get someone to buy in.

Not too long ago, most spam emails came from a few legitimate servers. Once the government cracked down with the CAN-SPAM Act, spam went underground. Most of today’s phishing emails originate from botnets. But what hasn’t changed much is the fraud victims’ sophistication, or lack thereof. The scammers are smarter, but the victims, not so much.

While phishing emails keep pouring in, their methods are changing rapidly. Posing as a Nigerian prince is still common, but not as effective. Even posing as a known bank or PayPal, asking to update an account for various reasons and requesting a potential victim’s username and password, is not as effective as it used to be.

Much of the phishing that occurs today is targeted “spear phishing,” in which the spammers are after a localized target. Recently, the usernames and passwords for 700 Comcast customers were posted on a document-sharing website, possibly as a result of a phishing attack. A Comcast employee with access to this type of data could easily have been tricked by a phisher posing as Comcast’s own IT staff, and foolishly released the customer information.

Going after a CEO is called “whaling.” Who better to take down than the biggest phish of them all? Most corporate websites offer plenty of data on the company officers and administrative contacts, which makes it relatively easy to create a sucker list. If scammers send an email blast to the entire company, eventually someone is likely to cough up enough data to allow the scammers to tap into the company’s intranet. Once the scammers have accessed the intranet, all further phishing emails will appear to be coming from a trusted, internal source.

Phishers even follow an editorial calendar similar to that of newspaper and magazine editors, coordinating their attacks around holidays and the change in seasons. They capitalize on significant events and natural disasters, such as Hurricane Katrina and, most recently, swine flu. Since the swine flu outbreak, as much as 2% of all spam has the words “swine flu” in the subject line. Numerous websites referencing swine flu in the address have also been registered.

Perhaps the most insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins. That download is almost always a virus with a remote control component, which gives the phisher full access to the user’s data, including usernames and passwords, credit card details, banking and Social Security numbers. Often, that same virus makes the victim’s PC part of a botnet.

How to avoid becoming a victim? Delete.

And of course, update McAfee anti-virus and make sure your PC’s operating system has the latest critical security patches.

Robert Siciliano, identity theft speaker, discusses scam-baiters.
