The use of pre-made phishing kits by less than detail-oriented phishers gives lie to the belief that phishers tend to be savvy and sophisticated criminals.
|Most Phishers Clueless, Say Researchers|
Clever phishers do exist, and post a continual danger to people and financial institutions. The majority may be little more than criminals who in the physical world would be the types to try doors to find ones that are unlocked to find someplace to burgle.
An intriguing interview with Nitesh Dhanjani and Billy Rios at Help Net Security recounted the duo’s investigations into the phishing community. They delved into the world of phishing and came back with a number of insights.
For one, sloppiness rules in the phishing world. If it weren’t for pre-made kits, a lot of the phishers out there probably wouldn’t be in the business.
“I had always thought that most phishers were clever hackers evading authorities using the latest evasion techniques and tools. The reality of the matter is most of the phishers we tracked were sloppy and unsophisticated,” Rios said in the interview.
Despite that state of affairs, the impact of phishing proved itself with a simple search on a string of text used by one script when forwarding phished information to the phisher.
“We decided to Google for that particular string. Social Security numbers, bank account numbers, dates of birth, ATM PINs, addresses, credentials to online banking accounts, all out in the open, a lot of which was collected from victims only a few hours ago,” Dhanjani observed.
“It was quite unnerving.”
We’re inclined to agree.