Computer Crime Research Center


Don't get that bait, phishing

Date: May 25, 2006

Internet crime often starts with phishing, the practice of sending out reams of cleverly worded email to try and dupe users into revealing bank account or log-in credentials via a fraudulent Web site, says a security expert. "The Web is under attack," says Phillip Hallam-Baker, principal scientist at VeriSign Inc, who gave a session Thursday on Internet crime at the W3C (World Wide Web) conference in Edinburgh, Scotland, this week.
Phishers send e-mail that say users’ account information has expired or needs updating. The e-mail includes links to a site that may look very similar to their bank Web site, but isn’t. Once those credentials are obtained, criminals use the information in a variety of creative and costly scams.

The tools to commit e-crime are for sale on the Internet. Mounting an attack on millions of Internet users can be done for a little as Rs 13,500 ($300), Hallam-Baker said. Networks of computers under the control of hackers, called botnets, can be rented to send spam. Also for sale are lists of up to 100 million e-mail addresses.

Hallam-Baker said one Russian hacker will create a custom rootkit—a method to hide a piece of malicious software deep in a computer’s operating system—for about Rs 2,700 ($60).
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo