W3C - Phishing remains root of flourishing e-crime

Phishing remains at the core of a host of scams creating by criminals using the Internet.

"The Web is under attack," said Phillip Hallam-Baker, principal scientist at VeriSign, who gave a session Thursday on Internet crime at the W3C (World Wide Web) conference in Edinburgh, Scotland, this week.

Internet crime often starts with phishing, the practice of duping a user into revealing bank account or log-in credentials via a fraudulent Web site.

Phishers send out reams of e-mail bait that say users' account information has expired or needs updating. The e-mail includes links to a site that may look very similar to their bank Web site, but isn't. Once those credentials are obtained, criminals use the information in a variety of creative and costly scams.

The tools to commit e-crime are for sale on the Internet. Mounting an attack on millions of Internet users can be done for a little as US$300, Hallam-Baker said. Networks of computers under the control of hackers, called botnets, can be rented to send spam. Also for sale are lists of up to 100 million e-mail addresses.

Hallam-Baker said one Russian hacker will create a custom rootkit -- a method to hide a piece of malicious software deep in a computer's operating system -- for about US$60.

If users are tricked into clicking on an attachment with a piece of malware, it can mean all of their personal data, such as passwords and credit card numbers, can be recorded and sent back to the hacker, who may resell them to other criminals.

The following are examples Hallam-Baker gave of the next steps clever e-criminals take after obtaining personal information:

Carding: Once credit card numbers are collected from a phishing site, the next step is putting the numbers to use in a way that can't easily be traced, a practice known as "carding." The fraud starts when scammers attract people through work-at-home schemes. The people, who believe they are doing a legitimate job as a packer or reshipper, assume the role of the "mule," an effective transit point to launder money or goods.

The scam works like this: The carder uses a credit card to order an item that's delivered to the mule. The mule's job is to move the goods to another person -- a fence -- who either sells the goods or moves them on to the carder.

When a fraudulent purchase is reported on the credit card, the mule is the first contact with law enforcement, and often, is liable.

Auction fraud: This scam involves users' log-in credentials for auction sites.

An Internet auction site user receives an e-mail asking about a laptop the user is supposed to send. The auction user is not supposed to send a laptop, and to resolve the misunderstanding the user is tricked into revealing information on a phishing site.

The perpetrator sells a camera on the auction site with the user's credentials. The camera buyer wires the money to the scammer, usually through a hard-to-trace wire transfer service such as Western Union, Hallam-Baker said.

The camera buyer e-mails the Web auction user asking for the camera. However, there is no camera.

Pump and dump: This hard-to-trace scam often crosses borders, making criminal investigations difficult.

A phisher will gain access to dozens of brokerage accounts and buy a few hundred dollars worth of "penny" stocks, typically those valued under US$1. The thinly traded stocks start to rise in value, and the criminals sell their own holdings on the market, Hallam-Baker said.

The U.S. Federal Bureau of Investigation has probes under way after several banks alerted the agency to this fraud, said Scott McGaunn, a special agent who investigates computer crimes.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?