Who are Phishers and what do they do?
Phisher (pronounced as �fisher�) is a term used for a person who does the act of Phishing.
PHISHERS are like parasites in this Web World, who take the advantage of the vulnerabilities in the system and pose a big threat to the very existence of Online Transactions.
Phishers are basically fraudsters who use social engineering tricks on the Internet and some harmful software to pry on your important personal and financial information. They gather important information like your bank logins or credit card information and then use it like their own.
Phishers Psychology
An insight into the Phishers mind will reveal that not all of the Phishers do it for money. There are some who do it because they think it is fun. Some others do it because they get a kick out of it. Find below the common characteristic traits of these fraudsters
They mostly fall under the age group of 15 to 30.
They are easily susceptible to online crime because of easy access to internet and also because of the negative environment they grow up in.
They don�t fear being caught or their identity being revealed because it�s on the internet and there�s no physical appearance at any point of time.
Most of them wish to make big money in short time. On a good day, they even make $20,000 to $50,000 in 24 hours.
They think it is fun. Some start with having fun then get into serious crime.
Mostly the fraudsters are from poor nations or developing countries.
They hardly bother about victim�s emotions and feelings.
For most of them, it�s their job to make a living.
They have unlimited access to technology and have extremely good technical expertise.
They are smart and often think of innovative ways to cheat people.
Target
The most favorite target for the fraudsters are innocent people who are not aware of the various kinds of technology frauds that are prevalent. Also among the target are people who are not so savvy with the computer and who are usually lured with the prospect of making easy money or dating.
When it comes to targeting large organizations, the Phishers usually target the financial organizations because these organizations do a lot of financial transactions everyday and all of their work and information is dependant on technology.
Tricks and Techniques
The Phishers or fraudsters use all the tricks and techniques of social engineering to trap innocent victims. The victims usually fall prey to what seems like a genuine request for personal and financial information.
Phishing
One of the common ways of phishing is to use a Web design and URL which closely resembles that of your bank. The fraudster then sends emails at random, asking you to verify or update your account details along with a link embedded in the email. This is a URL to the fraudulent Web site made to look real with information and other details closely resembling the original. You then enter your account details and password (sadly, it�s for the fraudster and not for your bank.). The fraudster would then see your account details and password in clear characters. This is when your account becomes susceptible to use by the fraudster in any way as he pleases
Dating Scams
Fraudsters pose as beautiful girls and enroll themselves in various dating and social networking sites. Novice users not aware of this ploy get attracted to them by seeing some fake pictures/videos and contact them. Fraudsters then exploit them to the maximum extent like:
Claiming that they are in deep financial trouble and would like you to support them with some money.
Claiming that they need money as he/she wants to come to US and marry her/him.
Get bank accounts from them for transferring stolen money making them money mules
Use their address to send bill pay check (sent from compromised accounts) and asking them to cash the check at their bank account and forward the cash to them.
Using their address to send purchased goods bought by stolen cards and then asks them to forward to their country as most of the online shops do not send goods overseas.
Users need to be careful when comes to dating scams because it is an emotional loss apart from a monetary loss. They might lose trust on the Internet and people altogether.
If you are interested in dating an online partner you need to verify the partner carefully before you begin the relationship. If the partner is based overseas, then make sure to call them and verify the phone number and address of the place given by the partner. Because most of the fraudsters even though use a US or UK phone number, they use the forwarding feature of these numbers and stay overseas.
Vishing
Here fraudsters setup a fake call center using Voice over IP (VOIP). They usually send emails asking you to confirm your banking details as a security check at the phone number provided in the email. As you are not aware about this, you call the number believing it to be a bank phone number and end up giving your banking details and other personal information at the Interactive Voice Response (IVR) phone number. They record your calls and use it for fraudulent purpose.
Fraudsters often think of innovative ways to scam innocent people. Most prevalent are phishing, pharming, URL spoofing, dating or romance scams, job scams, money mules scams, over payment fraud, foreign lottery scams, pharmacy scams, auction scams, Escrow service scams, advanced fee scams, cross border scams, investment scams, charities fraud, Debt elimination scams, Nigerian letter scams or Nigerian 4-1-9 scams, Foreign lottery scams, Sweepstakes or prize scams, Work from home scams, Counterfeit cashiers checks fraud, Counterfeit money order scams, Telemarketing fraud, spam emails, spy ware, hacking and much more.
Cashing your information
Have you ever wondered how others would use your personal and financial information after they�ve stolen it from you? Below are some of the common ways how they�re used:
Identity theft � Your identity can be used to impersonate you and commit hideous crimes.
Credit card information � can be used to shop online or create a counterfeit card to shop in stores.
Bank Logins � can be used to transfer funds, pay bills or obtain loans and cards.
Debit card information - to create duplicate debit cards and withdraw amounts at ATM and Point of Sale transactions
ebay logins - to bid auctions
PayPal logins � transfer your money to other PayPal accounts
Trading accounts - to trade stocks
SSN and DL information - to create duplicate cards and get social benefits in your name or commit other crimes.
What�s worse is that you could lose all this without you even knowing that you lost it and by the time you realize, it is too late to make amends and you�re probably bankrupt. This is exactly what happens when you disclose your personal details at unknown sources on the Internet.
Communication
Even in the world of cyber crime there are specialists who are experts in a particular area of crime. Some are experts in hacking, some in setting up fake websites, some in stealing credit card information etc. Though these guys are located at different parts of the world they usually meet at a common place to communicate with each other and sell each other�s expertise.
There are various means by which these guys communicate. The most common are underground forums which are not accessible to law enforcement agencies or common public. They also meet in private IRC chat rooms, messenger chat sessions or email conversations to share their services for a price and few of them go to an extent of hosting websites to sell stolen cards.
Who�s who?
Most of us are familiar with terms Phishing and Phishers, but there are many others who support them. Here are few names
Impersonators:
These guys take all the stolen data of a cardholder and contact the banks posing as the cardholder. With that information they might change the billing address to receive goods, order for a credit card, obtain a bank loan, or use the cardholder�s identity to commit crime.
Pin Cashiers:
The PIN cashiers are a group of fraudsters who specialize in making a replica of the ATM cards and then cash them at ATM's using the theft data got by ATM skimming , Point of sale skimming or phishing.
Dump Vendors:
A dump is the information of your card�s magnetic strip which includes track1 and track2. These guys sell magnetic strip data of credit cards which is either stolen at ATM's using ATM skimmers, POS scams, hacked from merchant Websites and phishing scams. They usually sell each card ranging from 10 USD to 150 USD depending on the card�s credit limit.
Bank Drops:
The role of these guys is to provide bank accounts by making common people victims of dating scams or money transferring agents so that Phishers can make bank transfers or bill pays using the stolen data.
Drops:
These guys provide legitimate address to ship goods which are bought using the theft credit cards or collect money made from auctions fraud or other frauds.
Hackers:
Hackers are those tech savvy individuals who hack into websites for credit cards or to host phishing scams. They hack into novice user computers and can use the victim�s personal or financial information for their own purpose. They might use the victim�s computers as bots (a chain of computers which can be controlled simultaneously) to send millions of spam emails or use them as proxies to cover the tracks of the original IP address.
Connectivity:
All these guys who are experts in different kinds of fraud meet at a common place like an underground forum which is not accessible to law enforcement agencies or common public. They also meet in private IRC chat rooms and messenger chat sessions to share their services, for a price of course.
Money Transactions:
These guys are located around the globe and they usually use e-currencies to transact.
Covering the tracks
One of the reasons why phishing and other cyber crimes are difficult to fight is because of the anonymity and fraudsters location around the globe. Since everything happens on cyber space there is no physical existence or evidence of the fraud. This makes them difficult to track.
Thanks to technology, fraudsters find ways to cover the IP address from which they are operating. They use proxy servers, socks chains, Virtual Private Network�s and dedicated servers to cover their IP addresses.
Infact things are so worse that the fraudster doesn�t have to be tech savvy to do all this. There are many websites that provide this kind of service. For those fraudsters who want to play it really safe they turn to underground sources where other fraudsters provide the service � �how to cover your IP address�.
Threat to e-commerce Industry
Life is not the same since the inception of internet and e-commerce. With a single click of your mouse you could be traveling thousands of cyber miles within fraction of a second. Transactions worth billions happen at a click of Mouse. People see their banks in their computers and have started doing their banking and credit card transactions via Web. People started to shop in the virtual world. Many super virtual stores carved their niche in this world.
Phishers have taken this as their sole point of existence - started infecting online users with scam emails, with key loggers and started monitoring their online information. This is nothing but Identity Theft. They also started creating scam pages that would look like a copybook of the authentic websites. Innocent and unsuspecting users visit these pages and provide sensitive/personal information like credit card information (CVV code/billing details), debit card information including PIN (Personal Identification Number), Banking Details like Logins, Account/Routing number, SSN (Social Security Number) and other sensitive information including passwords.
Amount worth billions of dollars is lost and no one is able trace them. In 2006 the amount of money lost in identity fraud is estimated to be $55.7 billion. Apart from the money that is lost in these transactions, the very reputation of the genuine organizations is at stake. It becomes so bad that unless you are cautious you never know who's watching your computer and where you're landing when you open up a web page.
Apart from innocent people, all credit card companies, banks and e-commerce companies are the victims of Phishers activities. All these frauds are a major threat to the e-commerce industry on the whole and unless this is stemmed from the root, the trust of users on making transaction over the internet will be lost.
Phisher (pronounced as �fisher�) is a term used for a person who does the act of Phishing.
PHISHERS are like parasites in this Web World, who take the advantage of the vulnerabilities in the system and pose a big threat to the very existence of Online Transactions.
Phishers are basically fraudsters who use social engineering tricks on the Internet and some harmful software to pry on your important personal and financial information. They gather important information like your bank logins or credit card information and then use it like their own.
Phishers Psychology
An insight into the Phishers mind will reveal that not all of the Phishers do it for money. There are some who do it because they think it is fun. Some others do it because they get a kick out of it. Find below the common characteristic traits of these fraudsters
They mostly fall under the age group of 15 to 30.
They are easily susceptible to online crime because of easy access to internet and also because of the negative environment they grow up in.
They don�t fear being caught or their identity being revealed because it�s on the internet and there�s no physical appearance at any point of time.
Most of them wish to make big money in short time. On a good day, they even make $20,000 to $50,000 in 24 hours.
They think it is fun. Some start with having fun then get into serious crime.
Mostly the fraudsters are from poor nations or developing countries.
They hardly bother about victim�s emotions and feelings.
For most of them, it�s their job to make a living.
They have unlimited access to technology and have extremely good technical expertise.
They are smart and often think of innovative ways to cheat people.
Target
The most favorite target for the fraudsters are innocent people who are not aware of the various kinds of technology frauds that are prevalent. Also among the target are people who are not so savvy with the computer and who are usually lured with the prospect of making easy money or dating.
When it comes to targeting large organizations, the Phishers usually target the financial organizations because these organizations do a lot of financial transactions everyday and all of their work and information is dependant on technology.
Tricks and Techniques
The Phishers or fraudsters use all the tricks and techniques of social engineering to trap innocent victims. The victims usually fall prey to what seems like a genuine request for personal and financial information.
Phishing
One of the common ways of phishing is to use a Web design and URL which closely resembles that of your bank. The fraudster then sends emails at random, asking you to verify or update your account details along with a link embedded in the email. This is a URL to the fraudulent Web site made to look real with information and other details closely resembling the original. You then enter your account details and password (sadly, it�s for the fraudster and not for your bank.). The fraudster would then see your account details and password in clear characters. This is when your account becomes susceptible to use by the fraudster in any way as he pleases
Dating Scams
Fraudsters pose as beautiful girls and enroll themselves in various dating and social networking sites. Novice users not aware of this ploy get attracted to them by seeing some fake pictures/videos and contact them. Fraudsters then exploit them to the maximum extent like:
Claiming that they are in deep financial trouble and would like you to support them with some money.
Claiming that they need money as he/she wants to come to US and marry her/him.
Get bank accounts from them for transferring stolen money making them money mules
Use their address to send bill pay check (sent from compromised accounts) and asking them to cash the check at their bank account and forward the cash to them.
Using their address to send purchased goods bought by stolen cards and then asks them to forward to their country as most of the online shops do not send goods overseas.
Users need to be careful when comes to dating scams because it is an emotional loss apart from a monetary loss. They might lose trust on the Internet and people altogether.
If you are interested in dating an online partner you need to verify the partner carefully before you begin the relationship. If the partner is based overseas, then make sure to call them and verify the phone number and address of the place given by the partner. Because most of the fraudsters even though use a US or UK phone number, they use the forwarding feature of these numbers and stay overseas.
Vishing
Here fraudsters setup a fake call center using Voice over IP (VOIP). They usually send emails asking you to confirm your banking details as a security check at the phone number provided in the email. As you are not aware about this, you call the number believing it to be a bank phone number and end up giving your banking details and other personal information at the Interactive Voice Response (IVR) phone number. They record your calls and use it for fraudulent purpose.
Fraudsters often think of innovative ways to scam innocent people. Most prevalent are phishing, pharming, URL spoofing, dating or romance scams, job scams, money mules scams, over payment fraud, foreign lottery scams, pharmacy scams, auction scams, Escrow service scams, advanced fee scams, cross border scams, investment scams, charities fraud, Debt elimination scams, Nigerian letter scams or Nigerian 4-1-9 scams, Foreign lottery scams, Sweepstakes or prize scams, Work from home scams, Counterfeit cashiers checks fraud, Counterfeit money order scams, Telemarketing fraud, spam emails, spy ware, hacking and much more.
Cashing your information
Have you ever wondered how others would use your personal and financial information after they�ve stolen it from you? Below are some of the common ways how they�re used:
Identity theft � Your identity can be used to impersonate you and commit hideous crimes.
Credit card information � can be used to shop online or create a counterfeit card to shop in stores.
Bank Logins � can be used to transfer funds, pay bills or obtain loans and cards.
Debit card information - to create duplicate debit cards and withdraw amounts at ATM and Point of Sale transactions
ebay logins - to bid auctions
PayPal logins � transfer your money to other PayPal accounts
Trading accounts - to trade stocks
SSN and DL information - to create duplicate cards and get social benefits in your name or commit other crimes.
What�s worse is that you could lose all this without you even knowing that you lost it and by the time you realize, it is too late to make amends and you�re probably bankrupt. This is exactly what happens when you disclose your personal details at unknown sources on the Internet.
Communication
Even in the world of cyber crime there are specialists who are experts in a particular area of crime. Some are experts in hacking, some in setting up fake websites, some in stealing credit card information etc. Though these guys are located at different parts of the world they usually meet at a common place to communicate with each other and sell each other�s expertise.
There are various means by which these guys communicate. The most common are underground forums which are not accessible to law enforcement agencies or common public. They also meet in private IRC chat rooms, messenger chat sessions or email conversations to share their services for a price and few of them go to an extent of hosting websites to sell stolen cards.
Who�s who?
Most of us are familiar with terms Phishing and Phishers, but there are many others who support them. Here are few names
Impersonators:
These guys take all the stolen data of a cardholder and contact the banks posing as the cardholder. With that information they might change the billing address to receive goods, order for a credit card, obtain a bank loan, or use the cardholder�s identity to commit crime.
Pin Cashiers:
The PIN cashiers are a group of fraudsters who specialize in making a replica of the ATM cards and then cash them at ATM's using the theft data got by ATM skimming , Point of sale skimming or phishing.
Dump Vendors:
A dump is the information of your card�s magnetic strip which includes track1 and track2. These guys sell magnetic strip data of credit cards which is either stolen at ATM's using ATM skimmers, POS scams, hacked from merchant Websites and phishing scams. They usually sell each card ranging from 10 USD to 150 USD depending on the card�s credit limit.
Bank Drops:
The role of these guys is to provide bank accounts by making common people victims of dating scams or money transferring agents so that Phishers can make bank transfers or bill pays using the stolen data.
Drops:
These guys provide legitimate address to ship goods which are bought using the theft credit cards or collect money made from auctions fraud or other frauds.
Hackers:
Hackers are those tech savvy individuals who hack into websites for credit cards or to host phishing scams. They hack into novice user computers and can use the victim�s personal or financial information for their own purpose. They might use the victim�s computers as bots (a chain of computers which can be controlled simultaneously) to send millions of spam emails or use them as proxies to cover the tracks of the original IP address.
Connectivity:
All these guys who are experts in different kinds of fraud meet at a common place like an underground forum which is not accessible to law enforcement agencies or common public. They also meet in private IRC chat rooms and messenger chat sessions to share their services, for a price of course.
Money Transactions:
These guys are located around the globe and they usually use e-currencies to transact.
Covering the tracks
One of the reasons why phishing and other cyber crimes are difficult to fight is because of the anonymity and fraudsters location around the globe. Since everything happens on cyber space there is no physical existence or evidence of the fraud. This makes them difficult to track.
Thanks to technology, fraudsters find ways to cover the IP address from which they are operating. They use proxy servers, socks chains, Virtual Private Network�s and dedicated servers to cover their IP addresses.
Infact things are so worse that the fraudster doesn�t have to be tech savvy to do all this. There are many websites that provide this kind of service. For those fraudsters who want to play it really safe they turn to underground sources where other fraudsters provide the service � �how to cover your IP address�.
Threat to e-commerce Industry
Life is not the same since the inception of internet and e-commerce. With a single click of your mouse you could be traveling thousands of cyber miles within fraction of a second. Transactions worth billions happen at a click of Mouse. People see their banks in their computers and have started doing their banking and credit card transactions via Web. People started to shop in the virtual world. Many super virtual stores carved their niche in this world.
Phishers have taken this as their sole point of existence - started infecting online users with scam emails, with key loggers and started monitoring their online information. This is nothing but Identity Theft. They also started creating scam pages that would look like a copybook of the authentic websites. Innocent and unsuspecting users visit these pages and provide sensitive/personal information like credit card information (CVV code/billing details), debit card information including PIN (Personal Identification Number), Banking Details like Logins, Account/Routing number, SSN (Social Security Number) and other sensitive information including passwords.
Amount worth billions of dollars is lost and no one is able trace them. In 2006 the amount of money lost in identity fraud is estimated to be $55.7 billion. Apart from the money that is lost in these transactions, the very reputation of the genuine organizations is at stake. It becomes so bad that unless you are cautious you never know who's watching your computer and where you're landing when you open up a web page.
Apart from innocent people, all credit card companies, banks and e-commerce companies are the victims of Phishers activities. All these frauds are a major threat to the e-commerce industry on the whole and unless this is stemmed from the root, the trust of users on making transaction over the internet will be lost.