Microsoft Takes Down Individual Phisher

from the small-steps dept

Prosecutors have apparently convinced someone who set up a phishing scam targeting MSN users to plead guilty for scamming people out of about $57,000. It's good to see prosecutors going after phishing scammers, but this story still raises a few questions. First off, this appears to be a lone phishing attempt by one guy. Many of the more sophisticated phishing scams are actually being run by organized crime groups, making it a lot more difficult to track down those actually responsible. It's good that officials (with the help of Microsoft) can track down the individual scammers, but it's really a tiny tiny dent in the problem. However, what's even more interesting is that the investigation started in September of 2003, but took until June of 2004 to shut this guy down. While it's good that they investigated carefully (enough to get this guy to plead guilty), that's still an awfully long time when the site was up and potentially scamming more people.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 4 Jan 2006 @ 10:51am

    No Subject Given

    Simple reality is a lot (maybe even a majority) of the destination URLs are in eastern europe or the far east, severly limiting investigation let alone prosecution.

    link to this | view in chronology ]

  • identicon
    Keir, 4 Jan 2006 @ 11:17am

    Humm, Policing the net?

    While I see that these people 'phishing' are able to cause alot of trouble for the unsuspecting victim, I can't help but ask myself if I really WANT anyone to be policing the net.

    If someone illegally charges something to your credit card, then by all means lets investigate them for credit card fraud, but I'm not sure I support policing the internet for a site attempting to phish.

    Perhaps this opinion just stems from a strong semi-concious belief that the natural elimination of the weak/uneducated is a good thing, and law enforcement need not step in to save them from themselves.

    link to this | view in chronology ]

    • identicon
      discojohnson, 4 Jan 2006 @ 11:24am

      Re: Humm, Policing the net?

      the net police are being paid because it's believed to cost less to stop the phishers than it would cost in lost revinue from fraud

      link to this | view in chronology ]

    • identicon
      Tuna, 4 Jan 2006 @ 1:18pm

      Re: Humm, Policing the net?

      "strong semi-concious belief that the natural elimination of the weak/uneducated is a good thing,...."

      You will quickly and conciously ban that "semiconcious thought" when your unsuspecting relative or loved one becomes a victim of a phishing attack.

      What a jackass.

      link to this | view in chronology ]

  • identicon
    jammer, 4 Jan 2006 @ 12:23pm

    Why try

    So according to you we should just stop trying.
    How do you know that the "Crime Organizations" aren't being investigated right now?

    What are you doing to catch anyone?

    I applaud the effort.

    link to this | view in chronology ]

    • icon
      Mike (profile), 4 Jan 2006 @ 12:55pm

      Re: Why try

      No, I'm not saying stop trying. Not at all. I'm sorry if that's what you thought I implied. My point was that this one deal isn't a particularly big bust -- and therefore no one should think it's a big dent in phishing, which the press seems to be suggesting.

      link to this | view in chronology ]

  • identicon
    haggie, 4 Jan 2006 @ 3:39pm

    No Subject Given

    Phishing scams are Darwinism at work. If you are stupid enough to get suckered in by a phishing email, it is just a matter of time before someone (online or offline) was able to trick you out of your life savings. Eventually, the idiots are broke, cannot afford Internet access, and go away. Why do we need to even police this?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Jan 2006 @ 11:08pm

      Re: No Subject Given

      Why does this need to be policed?

      Okay I'm a NET developer and grew up with technology and I haven't even gave ANY serious thought to these scams.

      HOWEVER,

      I am also a friend, coworker, relative to MANY of those who are not that knowledgeable. Unfortunately, all of these things that seem so obvious aren't. Yes they don't matter to you. I'm so glad we're taking the individualistic approach to things, but, this is a terrible viewpoint in my opinion.

      There are people who scam in a large number of ways and they should be punished just as any others.

      link to this | view in chronology ]

    • identicon
      Tuna, 5 Jan 2006 @ 1:11pm

      Re: No Subject Given

      "Phishing scams are Darwinism at work. If you are stupid enough to get suckered in by a phishing email, it is just a matter of time before someone (online or offline) was able to trick you out of your life savings. Eventually, the idiots are broke, cannot afford Internet access, and go away. Why do we need to even police this?"

      For the same reason you police thugs and bullies. Are you a 6'8" bodybuilder who happens to be also excellent with marshall arts and weapons? Good for you. But if you are not, and you find yourself in a danger of physical harm, will you just throw up your arms and say- "Oh well, these guys deserve to survive more than me- it's just Darwinism at work". Why is it OK to take someone's posessions by cunning them, but not by using physical force? Is it because you feel that you have an advantage there? Maybe you do, but seeing your shortsighted logic displayed above I wouldn't bet my money on it.

      link to this | view in chronology ]

  • identicon
    Steve Mueller, 5 Jan 2006 @ 3:02pm

    Darwinism

    haggie wrote:
    Phishing scams are Darwinism at work. If you are stupid enough to get suckered in by a phishing email, it is just a matter of time before someone (online or offline) was able to trick you out of your life savings. Eventually, the idiots are broke, cannot afford Internet access, and go away. Why do we need to even police this?

    What a putz. So if somebody scams your old grandmother out of her life savings because she isn't sophisticated in the ways of computers, that's fine. I guess you won't mind losing your inheritance, either, to some unknown crook.

    People who do blatantly stupid things (think "Jackass") may deserve to be removed from the gene pool, but innocent people who just aren't up to date on things or are too trusting are a different matter. There's a big difference between between naive and stupid.

    link to this | view in chronology ]

  • identicon
    ND, 3 Nov 2006 @ 3:12am

    roflmao

    I really don't know what to say, this article is so hillarious, "tracking down individual phishers" ahaha lol, can someon explain how exactly are you doing that "individual track" ? you get 1 e-mail from X saying that he is "Y-bay" and you need to change/update your personal info's... now taking it logically, 1st it is the USERS fault because he doesn't read google and findout more and more informations about phishing and many other security issues, because its not the one's whom sends the mail fault, because this is kinda like hunting with traps, if you fall for/in it then you loose, but its YOUR fault because you didnt informed yourself before doing ANYTHING related with or on internet. Yet again the "phisher" has his "work" risks, if he is stupid and goes to the first free hosting and upload's his mass mailer, then again the next week he might be in jail or somewhere close to that... but if you deal with real phishers... excuse me ... you might never catch EVEN 1 of them... why? i'll explain.... as an IT Security & Support staff been around things like this even everyday... and i'll explain HOW an REAL phisher is doing his "thing" ...
    1. creates an php mass mailer
    2. uses exploits to get into an system/machine/server
    3. uploads the php mass mailer on the hacked server
    4. google helps him to find "newsletters" servers, becomes an member and from there he steals 432432432 X e-mail address
    5. creates the "phishing scam page" copycat
    6. uploads the phishing scam page
    7. uses the php mass mailer
    8. erases all logs and forwards to root@* e-mail that came from non-existing e-mail addresses
    9. erases all traces from the hacked machine
    10. sits back to relax waiting for the "fools" to bite the bait

    then usually if there are more then 1 person in that phishing "group" ... they do it like this...
    one of them sends e-mails, other check's the e-mail where they get the "stolen" informations, other gets the "stolen" info's and verifys them, another one is looking for a "buyer" if they don't know how to use the "stolen" infos... another one washes the money that they gained by phishing.. usually at stores buying electronics and selling them at 85% price and so on... there are 32432432 ways they can do it... and for sure you can catch 1 or maybe 2 but it will be very very very hard to catch the whole group... because 99% of the times each person from that group might be in another city or even country... so its not that easy to catch them... and since we are in 2006 and not 1900... nowadays an simple SMS can ruin your whole operation...


    That's why i belive the only way to catch these phishers is like this.... follow the e-mail from the "phishing scam website", get the IP address... then check to whom those "stolen" info's are sold to and after the "stolen" info's are sold you can catch the "big fish" when the money splits to each member.... and MAYBE you will catch the whole group... but that's only a theory... from words to facts and real things its a big difference.

    That's why i said its pretty much a funny thing all this News report.

    Report2System

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.