
Scott Wright's editorials on a variety of security issues for non-technical business managers and home computer users. Please feel free to comment and help spread the word that managers need to think about their information security risks.


  Scott Wright's Security Views

Secrets of an Identity Thief Interpreted for Your Edification

Friday, March 6th 2009 @ 11:46 PM

Did you ever wonder why hackers, phishers, and scammers go to all the trouble of creating so many fake emails and messages on social networking sites? It's primarily to steal user IDs, passwords and identity information that can be sold to other spammers. This article is apparently an interview with an 18-year-old phisher who's been doing it for at least 4 years. There is some controversy over the hacker's claims, but the writer who did the interview (RSnake) is respected in the security industry, and says he has verified some of the individual's claims.

There is a bit of technical jargon (and some crude verbiage in the appended comments), but the important points to note are:

  • He claims to have stolen over 20 million identities
  • He says he did it all by himself using easily available tools online, although he's had lots of offers to join larger syndicates
  • He mostly targets teenagers, using automated tools that post messages that appear to be from "friends" on social networking sites like Facebook and MySpace
  • He says he creates plausible websites with realistic domain names, and collects data from people through online forms they fill out when they get to his sites
  • He says over 50% of people use the same password in more than one account, which increases his profitability greatly
  • He says he makes at least $3,000 per day from his scams
  • He uses some moderately complex tools to hide his location
  • He says that, while Firefox 2 and Internet Explorer 7 browsers (or newer) have phishing filters that put a dent in his progress, it's still very easy to harvest identities through phishing
  • His closing comment is that "Lazy Web developers are the reason I'm still around phishing", meaning that if the social networking sites had built more security into their applications, he would have a much harder time being successful
  • Further comments on the article indicate that "a recommendation from a friend" is the most convincing way to get somebody to follow a link to a phishing site. All the phishers have to do is get somebody to accept their friend invitations to start the ball rolling. So, be very skeptical of referrals to websites from friends for "great deals" on anything

The bottom line is that you should not rely on information or links from a social networking site unless you can verify that it is legitimate from another source.

Is your security awareness training just a set of old PowerPoint slides that you pull out once a year and present at an all-hands meeting? You can now provide much more effective security awareness training for your staff, for much less cost than you think. Contact me if you'd like to discuss how you can create a culture of security through a variety of live programs and modern e-Learning techniques.

Scott Wright

The Streetwise Security Coach

Join the Streetwise Security Zone at:
http://www.streetwise-security-zone.com/join.html

Phone: 1-613-693-0997
Email: scott@streetwise-security-zone.com
Twitter ID: http://www.twitter.com/streetsec
