Microsoft Takes Down Individual Phisher
from the small-steps dept
Prosecutors have apparently convinced someone who set up a phishing scam targeting MSN users to plead guilty for scamming people out of about $57,000. It's good to see prosecutors going after phishing scammers, but this story still raises a few questions. First off, this appears to be a lone phishing attempt by one guy. Many of the more sophisticated phishing scams are actually being run by organized crime groups, making it a lot more difficult to track down those actually responsible. It's good that officials (with the help of Microsoft) can track down the individual scammers, but it's really a tiny tiny dent in the problem. However, what's even more interesting is that the investigation started in September of 2003, but took until June of 2004 to shut this guy down. While it's good that they investigated carefully (enough to get this guy to plead guilty), that's still an awfully long time when the site was up and potentially scamming more people.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
No Subject Given
[ link to this | view in thread ]
Humm, Policing the net?
If someone illegally charges something to your credit card, then by all means lets investigate them for credit card fraud, but I'm not sure I support policing the internet for a site attempting to phish.
Perhaps this opinion just stems from a strong semi-concious belief that the natural elimination of the weak/uneducated is a good thing, and law enforcement need not step in to save them from themselves.
[ link to this | view in thread ]
Re: Humm, Policing the net?
[ link to this | view in thread ]
Why try
How do you know that the "Crime Organizations" aren't being investigated right now?
What are you doing to catch anyone?
I applaud the effort.
[ link to this | view in thread ]
Re: Why try
[ link to this | view in thread ]
Re: Humm, Policing the net?
You will quickly and conciously ban that "semiconcious thought" when your unsuspecting relative or loved one becomes a victim of a phishing attack.
What a jackass.
[ link to this | view in thread ]
No Subject Given
[ link to this | view in thread ]
Re: No Subject Given
Okay I'm a NET developer and grew up with technology and I haven't even gave ANY serious thought to these scams.
HOWEVER,
I am also a friend, coworker, relative to MANY of those who are not that knowledgeable. Unfortunately, all of these things that seem so obvious aren't. Yes they don't matter to you. I'm so glad we're taking the individualistic approach to things, but, this is a terrible viewpoint in my opinion.
There are people who scam in a large number of ways and they should be punished just as any others.
[ link to this | view in thread ]
Re: No Subject Given
For the same reason you police thugs and bullies. Are you a 6'8" bodybuilder who happens to be also excellent with marshall arts and weapons? Good for you. But if you are not, and you find yourself in a danger of physical harm, will you just throw up your arms and say- "Oh well, these guys deserve to survive more than me- it's just Darwinism at work". Why is it OK to take someone's posessions by cunning them, but not by using physical force? Is it because you feel that you have an advantage there? Maybe you do, but seeing your shortsighted logic displayed above I wouldn't bet my money on it.
[ link to this | view in thread ]
Darwinism
Phishing scams are Darwinism at work. If you are stupid enough to get suckered in by a phishing email, it is just a matter of time before someone (online or offline) was able to trick you out of your life savings. Eventually, the idiots are broke, cannot afford Internet access, and go away. Why do we need to even police this?
What a putz. So if somebody scams your old grandmother out of her life savings because she isn't sophisticated in the ways of computers, that's fine. I guess you won't mind losing your inheritance, either, to some unknown crook.
People who do blatantly stupid things (think "Jackass") may deserve to be removed from the gene pool, but innocent people who just aren't up to date on things or are too trusting are a different matter. There's a big difference between between naive and stupid.
[ link to this | view in thread ]
roflmao
1. creates an php mass mailer
2. uses exploits to get into an system/machine/server
3. uploads the php mass mailer on the hacked server
4. google helps him to find "newsletters" servers, becomes an member and from there he steals 432432432 X e-mail address
5. creates the "phishing scam page" copycat
6. uploads the phishing scam page
7. uses the php mass mailer
8. erases all logs and forwards to root@* e-mail that came from non-existing e-mail addresses
9. erases all traces from the hacked machine
10. sits back to relax waiting for the "fools" to bite the bait
then usually if there are more then 1 person in that phishing "group" ... they do it like this...
one of them sends e-mails, other check's the e-mail where they get the "stolen" informations, other gets the "stolen" info's and verifys them, another one is looking for a "buyer" if they don't know how to use the "stolen" infos... another one washes the money that they gained by phishing.. usually at stores buying electronics and selling them at 85% price and so on... there are 32432432 ways they can do it... and for sure you can catch 1 or maybe 2 but it will be very very very hard to catch the whole group... because 99% of the times each person from that group might be in another city or even country... so its not that easy to catch them... and since we are in 2006 and not 1900... nowadays an simple SMS can ruin your whole operation...
That's why i belive the only way to catch these phishers is like this.... follow the e-mail from the "phishing scam website", get the IP address... then check to whom those "stolen" info's are sold to and after the "stolen" info's are sold you can catch the "big fish" when the money splits to each member.... and MAYBE you will catch the whole group... but that's only a theory... from words to facts and real things its a big difference.
That's why i said its pretty much a funny thing all this News report.
Report2System
[ link to this | view in thread ]