ROBERT SICILIANO, CEO of www.IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.
Phishers Getting Smarter

Identity Theft Expert

It wasn’t long ago that most phishing emails were from a supposed Nigerian General Matumbi Mabumboo Watumboo. And you and I were flattered that we were the chosen ones to help the general transfer 35 million out of the country, because the Nigerian government was a bunch of jerks and wouldn’t let him keep the inheritance his wife had inherited from her deceased uncle Bamboo.

I distinctly remember getting a Nigerian phishing email in 1994-ish, back when I had an AOL account, and actually calling my bank and asking them what their thoughts were and what I should do. I mean 10% of $35 million, which the scammer offered in exchange for my help transferring the funds, was quite a fee for nominal work. All I had to do was front 10 grand in a wire transfer to make it all happen. My bank thought my Nigerian general and I were both nuts, and really didn’t know what I should do.

We didn’t have a lot of data on 419 scams or affinity fraud back then, or at least we didn’t have reliable access to that data, so I relied on what my mom told me early on: if it sounds too good to be true, it probably isn’t. So I deleted the email. Then I began to see more and more emails from others in the same quandary as the general.

Times have changed dramatically.

Today, with low-cost delivery of email, billions of fraudulent emails are sent out every year. Any salesperson knows it’s a numbers game. With billions of emails, you’ll eventually get someone to buy in.

Not too long ago, most spam emails came from a few legitimate servers. Once the government cracked down with the CAN-SPAM Act, spam went underground. Most of today’s phishing emails originate from botnets. But what hasn’t changed much is the fraud victims’ sophistication, or lack thereof. The scammers are smarter, but the victims, not so much.

While phishing emails keep pouring in, their methods are changing rapidly. Posing as a Nigerian prince is still common, but not as effective. Even posing as a known bank or PayPal, asking to update an account for various reasons and requesting a potential victim’s user name and password, is not as effective as it used to be.

Much of the phishing that occurs today is targeted “spear phishing,” in which the spammers are after a localized target. Recently, the usernames and passwords for 700 Comcast customers were posted on a document-sharing website, possibly as a result of a phishing attack. A Comcast employee with access to this type of data could easily have been tricked by a phisher posing as Comcast’s own IT staff, and foolishly released the customer information.

Going after a CEO is called “whaling.” Who better to take down than the biggest phish of them all? Most corporate websites offer plenty of data on the company officers and administrative contacts, which makes it relatively easy to create a sucker list. If scammers send an email blast to the entire company, eventually someone is likely to cough up enough data to allow the scammers to tap into the company’s intranet. Once the scammers have accessed the intranet, all further phishing emails will appear to be coming from a trusted, internal source.

Phishers even follow an editorial calendar similar to that of newspaper and magazine editors, coordinating their attacks around holidays and the change in seasons. They capitalize on significant events and natural disasters, such as Hurricane Katrina and, most recently, swine flu. Since the swine flu outbreak, as much as 2% of all spam has the words “swine flu” in the subject line. Numerous websites referencing swine flu in the address have also been registered.

Perhaps the most insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins. That download is almost always a virus with a remote control component, which gives the phisher full access to the user’s data, including usernames and passwords, credit card details, banking and Social Security numbers. Often, that same virus makes the victim’s PC part of a botnet.

How to avoid becoming a victim? Delete.

And of course, update McAfee anti-virus and make sure your PC’s operating system has the latest critical security patches.

Robert Siciliano, identity theft speaker, discusses scam-baiters.

About the Author
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
