Microsoft Takes Down Individual Phisher

from the small-steps dept

Prosecutors have apparently convinced someone who set up a phishing scam targeting MSN users to plead guilty for scamming people out of about $57,000. It's good to see prosecutors going after phishing scammers, but this story still raises a few questions. First off, this appears to be a lone phishing attempt by one guy. Many of the more sophisticated phishing scams are actually being run by organized crime groups, making it a lot more difficult to track down those actually responsible. It's good that officials (with the help of Microsoft) can track down the individual scammers, but it's really a tiny tiny dent in the problem. However, what's even more interesting is that the investigation started in September of 2003, but took until June of 2004 to shut this guy down. While it's good that they investigated carefully (enough to get this guy to plead guilty), that's still an awfully long time when the site was up and potentially scamming more people.


Reader Comments

  1.  
    Anonymous Coward, Jan 4th, 2006 @ 10:51am

    No Subject Given

    Simple reality is a lot (maybe even a majority) of the destination URLs are in Eastern Europe or the Far East, severely limiting investigation let alone prosecution.

     


  2.  
    Keir, Jan 4th, 2006 @ 11:17am

    Humm, Policing the net?

    While I see that these people 'phishing' are able to cause a lot of trouble for the unsuspecting victim, I can't help but ask myself if I really WANT anyone to be policing the net.

    If someone illegally charges something to your credit card, then by all means let's investigate them for credit card fraud, but I'm not sure I support policing the internet for a site attempting to phish.

    Perhaps this opinion just stems from a strong semi-conscious belief that the natural elimination of the weak/uneducated is a good thing, and law enforcement need not step in to save them from themselves.

     


  3.  
    discojohnson, Jan 4th, 2006 @ 11:24am

    Re: Humm, Policing the net?

    the net police are being paid because it's believed to cost less to stop the phishers than it would cost in lost revenue from fraud

     


  4.  
    jammer, Jan 4th, 2006 @ 12:23pm

    Why try

    So according to you we should just stop trying.
    How do you know that the "Crime Organizations" aren't being investigated right now?

    What are you doing to catch anyone?

    I applaud the effort.

     


  5.  
    Mike (profile), Jan 4th, 2006 @ 12:55pm

    Re: Why try

    No, I'm not saying stop trying. Not at all. I'm sorry if that's what you thought I implied. My point was that this one deal isn't a particularly big bust -- and therefore no one should think it's a big dent in phishing, which the press seems to be suggesting.

     


  6.  
    Tuna, Jan 4th, 2006 @ 1:18pm

    Re: Humm, Policing the net?

    "strong semi-conscious belief that the natural elimination of the weak/uneducated is a good thing,...."

    You will quickly and consciously ban that "semiconscious thought" when your unsuspecting relative or loved one becomes a victim of a phishing attack.

    What a jackass.

     


  7.  
    haggie, Jan 4th, 2006 @ 3:39pm

    No Subject Given

    Phishing scams are Darwinism at work. If you are stupid enough to get suckered in by a phishing email, it is just a matter of time before someone (online or offline) was able to trick you out of your life savings. Eventually, the idiots are broke, cannot afford Internet access, and go away. Why do we need to even police this?

     


  8.  
    Anonymous Coward, Jan 4th, 2006 @ 11:08pm

    Re: No Subject Given

    Why does this need to be policed?

    Okay, I'm a NET developer and grew up with technology and I haven't even given ANY serious thought to these scams.

    HOWEVER,

    I am also a friend, coworker, relative to MANY of those who are not that knowledgeable. Unfortunately, all of these things that seem so obvious aren't. Yes they don't matter to you. I'm so glad we're taking the individualistic approach to things, but, this is a terrible viewpoint in my opinion.

    There are people who scam in a large number of ways and they should be punished just as any others.

     


  9.  
    Tuna, Jan 5th, 2006 @ 1:11pm

    Re: No Subject Given

    "Phishing scams are Darwinism at work. If you are stupid enough to get suckered in by a phishing email, it is just a matter of time before someone (online or offline) was able to trick you out of your life savings. Eventually, the idiots are broke, cannot afford Internet access, and go away. Why do we need to even police this?"

    For the same reason you police thugs and bullies. Are you a 6'8" bodybuilder who happens to be also excellent with martial arts and weapons? Good for you. But if you are not, and you find yourself in danger of physical harm, will you just throw up your arms and say, "Oh well, these guys deserve to survive more than me, it's just Darwinism at work"? Why is it OK to take someone's possessions by cunning them, but not by using physical force? Is it because you feel that you have an advantage there? Maybe you do, but seeing your shortsighted logic displayed above I wouldn't bet my money on it.

     


  10.  
    Steve Mueller, Jan 5th, 2006 @ 3:02pm

    Darwinism

    haggie wrote:
    Phishing scams are Darwinism at work. If you are stupid enough to get suckered in by a phishing email, it is just a matter of time before someone (online or offline) was able to trick you out of your life savings. Eventually, the idiots are broke, cannot afford Internet access, and go away. Why do we need to even police this?

    What a putz. So if somebody scams your old grandmother out of her life savings because she isn't sophisticated in the ways of computers, that's fine. I guess you won't mind losing your inheritance, either, to some unknown crook.

    People who do blatantly stupid things (think "Jackass") may deserve to be removed from the gene pool, but innocent people who just aren't up to date on things or are too trusting are a different matter. There's a big difference between naive and stupid.

     


  11.  
    ND, Nov 3rd, 2006 @ 3:12am

    roflmao

    I really don't know what to say, this article is so hilarious, "tracking down individual phishers" ahaha lol, can someone explain how exactly are you doing that "individual track"? you get 1 e-mail from X saying that he is "Y-bay" and you need to change/update your personal info... now taking it logically, 1st it is the USER'S fault because he doesn't read Google and find out more and more information about phishing and many other security issues, because it's not the one's whom sends the mail fault, because this is kinda like hunting with traps, if you fall for/in it then you lose, but it's YOUR fault because you didn't inform yourself before doing ANYTHING related with or on internet. Yet again the "phisher" has his "work" risks, if he is stupid and goes to the first free hosting and uploads his mass mailer, then again the next week he might be in jail or somewhere close to that... but if you deal with real phishers... excuse me ... you might never catch EVEN 1 of them... why? I'll explain.... as an IT Security & Support staff been around things like this even everyday... and I'll explain HOW a REAL phisher is doing his "thing" ...
    1. creates an php mass mailer
    2. uses exploits to get into an system/machine/server
    3. uploads the php mass mailer on the hacked server
    4. google helps him to find "newsletters" servers, becomes an member and from there he steals 432432432 X e-mail address
    5. creates the "phishing scam page" copycat
    6. uploads the phishing scam page
    7. uses the php mass mailer
    8. erases all logs and forwards to root@* e-mail that came from non-existing e-mail addresses
    9. erases all traces from the hacked machine
    10. sits back to relax waiting for the "fools" to bite the bait

    then usually if there are more than 1 person in that phishing "group" ... they do it like this...
    one of them sends e-mails, other checks the e-mail where they get the "stolen" information, other gets the "stolen" info and verifies them, another one is looking for a "buyer" if they don't know how to use the "stolen" info... another one washes the money that they gained by phishing.. usually at stores buying electronics and selling them at 85% price and so on... there are 32432432 ways they can do it... and for sure you can catch 1 or maybe 2 but it will be very very very hard to catch the whole group... because 99% of the times each person from that group might be in another city or even country... so it's not that easy to catch them... and since we are in 2006 and not 1900... nowadays a simple SMS can ruin your whole operation...


    That's why I believe the only way to catch these phishers is like this.... follow the e-mail from the "phishing scam website", get the IP address... then check to whom that "stolen" info is sold to and after the "stolen" info is sold you can catch the "big fish" when the money splits to each member.... and MAYBE you will catch the whole group... but that's only a theory... from words to facts and real things it's a big difference.

    That's why I said it's pretty much a funny thing all this News report.

    Report2System

     


