xoltaric
05-27-2004, 11:32 AM
Here is a summary of an article from the Wall Street Journal. Admittedly, the summaries I get are sometimes off a little because the author didn't really understand what the article was about. Anyway. One thing that struck me as odd was this...
Using the email address provided in one phishing virus, the Wall Street Journal interviewed a Russian whose job was to collect the passwords returned by the program; giving the handle Robotector, the man said he did not know his partners-in-crime except by their aliases and that they met and collaborated via the Internet.
Doesn't that seem a little odd? The Wall Street Journal just went and replied to the scammer? And he ANSWERED? Was this the sender of the original phishing email? Aren't 99.99% of the originating addresses fake or at least not monitored? Or did they do some sniffing and find that the virus emailed said passwords to a certain email address and that's who they emailed? It sounds very strange to me in any case. Why would the Russian have replied?
"Gone Phishing: Web Scam Takes Dangerous Turn"
Wall Street Journal (05/27/04) P. B1; Wagstaff, Jeremy
Phishing scams are not only increasing in number, but in deviousness as well: New phishing schemes not only employ convincing email addresses and fake Web sites, but also involve customized viruses that capture users' logins and passwords or take screenshots of login screens. Computer gangs mostly based in the former Soviet Union are sending out millions of phishing emails at an alarming rate, and the Anti-Phishing Working Group says there were 1,125 phishing incidents in April, 180 percent more than the month before; similarly, email security firm MessageLabs reports an 800-fold increase in phishing incidents over the last six months. The newest phishing campaigns appear to combine the expertise of virus writers, spammers, and socially intuitive con artists. Some banks have begun using pull-down screens for users to select password letters in hopes to avoid keystroke logging programs, but new phishing attacks now capture screenshots to defeat that defense. Using the email address provided in one phishing virus, the Wall Street Journal interviewed a Russian whose job was to collect the passwords returned by the program; giving the handle Robotector, the man said he did not know his partners-in-crime except by their aliases and that they met and collaborated via the Internet. Australia and New Zealand are the target of many phishing attacks because the relatively small number of banks and banking customers there makes it easier to correctly target victims, and phishing groups operating overseas try to enlist locals to transfer money to their offshore accounts, offering those intermediaries a 5 percent cut. Often, these efforts are also scams, with phishing groups posing as international companies and offering intermediaries an official sounding "job," such as sales representative. Experts say phishing is still small-scale compared to other fraud activities, but it could undermine consumer trust in e-commerce and force companies to rethink their entire communication strategies.[/quote]
Using the email address provided in one phishing virus, the Wall Street Journal interviewed a Russian whose job was to collect the passwords returned by the program; giving the handle Robotector, the man said he did not know his partners-in-crime except by their aliases and that they met and collaborated via the Internet.
Doesn't that seem a little odd? The Wall Street Journal just went and replied to the scammer? And he ANSWERED? Was this the sender of the original phishing email? Aren't 99.99% of the originating addresses fake or at least not monitored? Or did they do some sniffing and find that the virus emailed said passwords to a certain email address and that's who they emailed? It sounds very strange to me in any case. Why would the Russian have replied?
"Gone Phishing: Web Scam Takes Dangerous Turn"
Wall Street Journal (05/27/04) P. B1; Wagstaff, Jeremy
Phishing scams are not only increasing in number, but in deviousness as well: New phishing schemes not only employ convincing email addresses and fake Web sites, but also involve customized viruses that capture users' logins and passwords or take screenshots of login screens. Computer gangs mostly based in the former Soviet Union are sending out millions of phishing emails at an alarming rate, and the Anti-Phishing Working Group says there were 1,125 phishing incidents in April, 180 percent more than the month before; similarly, email security firm MessageLabs reports an 800-fold increase in phishing incidents over the last six months. The newest phishing campaigns appear to combine the expertise of virus writers, spammers, and socially intuitive con artists. Some banks have begun using pull-down screens for users to select password letters in hopes to avoid keystroke logging programs, but new phishing attacks now capture screenshots to defeat that defense. Using the email address provided in one phishing virus, the Wall Street Journal interviewed a Russian whose job was to collect the passwords returned by the program; giving the handle Robotector, the man said he did not know his partners-in-crime except by their aliases and that they met and collaborated via the Internet. Australia and New Zealand are the target of many phishing attacks because the relatively small number of banks and banking customers there makes it easier to correctly target victims, and phishing groups operating overseas try to enlist locals to transfer money to their offshore accounts, offering those intermediaries a 5 percent cut. Often, these efforts are also scams, with phishing groups posing as international companies and offering intermediaries an official sounding "job," such as sales representative. Experts say phishing is still small-scale compared to other fraud activities, but it could undermine consumer trust in e-commerce and force companies to rethink their entire communication strategies.[/quote]