Jump to content
100

Phisher's Dictionary

Recommended Posts

Who are Phishers and what do they do?

Phisher (pronounced as “fisher”) is a term used for a person who does the act of Phishing.

PHISHERS are like parasites in this Web World, who take the advantage of the vulnerabilities in the system and pose a big threat to the very existence of Online Transactions.

Phishers are basically fraudsters who use social engineering tricks on the Internet and some harmful software to pry on your important personal and financial information. They gather important information like your bank logins or credit card information and then use it like their own.

Phishers Psychology

An insight into the Phishers mind will reveal that not all of the Phishers do it for money. There are some who do it because they think it is fun. Some others do it because they get a kick out of it. Find below the common characteristic traits of these fraudsters

They mostly fall under the age group of 15 to 30.

They are easily susceptible to online crime because of easy access to internet and also because of the negative environment they grow up in.

They don’t fear being caught or their identity being revealed because it’s on the internet and there’s no physical appearance at any point of time.

Most of them wish to make big money in short time. On a good day, they even make $20,000 to $50,000 in 24 hours.

They think it is fun. Some start with having fun then get into serious crime.

Mostly the fraudsters are from poor nations or developing countries.

They hardly bother about victim’s emotions and feelings.

For most of them, it’s their job to make a living.

They have unlimited access to technology and have extremely good technical expertise.

They are smart and often think of innovative ways to cheat people.

Target

The most favorite target for the fraudsters are innocent people who are not aware of the various kinds of technology frauds that are prevalent. Also among the target are people who are not so savvy with the computer and who are usually lured with the prospect of making easy money or dating.

When it comes to targeting large organizations, the Phishers usually target the financial organizations because these organizations do a lot of financial transactions everyday and all of their work and information is dependant on technology.

Tricks and Techniques

The Phishers or fraudsters use all the tricks and techniques of social engineering to trap innocent victims. The victims usually fall prey to what seems like a genuine request for personal and financial information.

Phishing

One of the common ways of phishing is to use a Web design and URL which closely resembles that of your bank. The fraudster then sends emails at random, asking you to verify or update your account details along with a link embedded in the email. This is a URL to the fraudulent Web site made to look real with information and other details closely resembling the original. You then enter your account details and password (sadly, it’s for the fraudster and not for your bank.). The fraudster would then see your account details and password in clear characters. This is when your account becomes susceptible to use by the fraudster in any way as he pleases

Dating Scams

Fraudsters pose as beautiful girls and enroll themselves in various dating and social networking sites. Novice users not aware of this ploy get attracted to them by seeing some fake pictures/videos and contact them. Fraudsters then exploit them to the maximum extent like:

Claiming that they are in deep financial trouble and would like you to support them with some money.

Claiming that they need money as he/she wants to come to US and marry her/him.

Get bank accounts from them for transferring stolen money making them money mules

Use their address to send bill pay check (sent from compromised accounts) and asking them to cash the check at their bank account and forward the cash to them.

Using their address to send purchased goods bought by stolen cards and then asks them to forward to their country as most of the online shops do not send goods overseas.

Users need to be careful when comes to dating scams because it is an emotional loss apart from a monetary loss. They might lose trust on the Internet and people altogether.

If you are interested in dating an online partner you need to verify the partner carefully before you begin the relationship. If the partner is based overseas, then make sure to call them and verify the phone number and address of the place given by the partner. Because most of the fraudsters even though use a US or UK phone number, they use the forwarding feature of these numbers and stay overseas.

Vishing

Here fraudsters setup a fake call center using Voice over IP (VOIP). They usually send emails asking you to confirm your banking details as a security check at the phone number provided in the email. As you are not aware about this, you call the number believing it to be a bank phone number and end up giving your banking details and other personal information at the Interactive Voice Response (IVR) phone number. They record your calls and use it for fraudulent purpose.

Fraudsters often think of innovative ways to scam innocent people. Most prevalent are phishing, pharming, URL spoofing, dating or romance scams, job scams, money mules scams, over payment fraud, foreign lottery scams, pharmacy scams, auction scams, Escrow service scams, advanced fee scams, cross border scams, investment scams, charities fraud, Debt elimination scams, Nigerian letter scams or Nigerian 4-1-9 scams, Foreign lottery scams, Sweepstakes or prize scams, Work from home scams, Counterfeit cashiers checks fraud, Counterfeit money order scams, Telemarketing fraud, spam emails, spy ware, hacking and much more.

Cashing your information

Have you ever wondered how others would use your personal and financial information after they’ve stolen it from you? Below are some of the common ways how they’re used:

Identity theft – Your identity can be used to impersonate you and commit hideous crimes.

Credit card information – can be used to shop online or create a counterfeit card to shop in stores.

Bank Logins – can be used to transfer funds, pay bills or obtain loans and cards.

Debit card information - to create duplicate debit cards and withdraw amounts at ATM and Point of Sale transactions

ebay logins - to bid auctions

PayPal logins – transfer your money to other PayPal accounts

Trading accounts - to trade stocks

SSN and DL information - to create duplicate cards and get social benefits in your name or commit other crimes.

What’s worse is that you could lose all this without you even knowing that you lost it and by the time you realize, it is too late to make amends and you’re probably bankrupt. This is exactly what happens when you disclose your personal details at unknown sources on the Internet.

Communication

Even in the world of cyber crime there are specialists who are experts in a particular area of crime. Some are experts in hacking, some in setting up fake websites, some in stealing credit card information etc. Though these guys are located at different parts of the world they usually meet at a common place to communicate with each other and sell each other’s expertise.

There are various means by which these guys communicate. The most common are underground forums which are not accessible to law enforcement agencies or common public. They also meet in private IRC chat rooms, messenger chat sessions or email conversations to share their services for a price and few of them go to an extent of hosting websites to sell stolen cards.

Who’s who?

Most of us are familiar with terms Phishing and Phishers, but there are many others who support them. Here are few names

Impersonators:

These guys take all the stolen data of a cardholder and contact the banks posing as the cardholder. With that information they might change the billing address to receive goods, order for a credit card, obtain a bank loan, or use the cardholder’s identity to commit crime.

Pin Cashiers:

The PIN cashiers are a group of fraudsters who specialize in making a replica of the ATM cards and then cash them at ATM's using the theft data got by ATM skimming , Point of sale skimming or phishing.

Dump Vendors:

A dump is the information of your card’s magnetic strip which includes track1 and track2. These guys sell magnetic strip data of credit cards which is either stolen at ATM's using ATM skimmers, POS scams, hacked from merchant Websites and phishing scams. They usually sell each card ranging from 10 USD to 150 USD depending on the card’s credit limit.

Bank Drops:

The role of these guys is to provide bank accounts by making common people victims of dating scams or money transferring agents so that Phishers can make bank transfers or bill pays using the stolen data.

Drops:

These guys provide legitimate address to ship goods which are bought using the theft credit cards or collect money made from auctions fraud or other frauds.

Hackers:

Hackers are those tech savvy individuals who hack into websites for credit cards or to host phishing scams. They hack into novice user computers and can use the victim’s personal or financial information for their own purpose. They might use the victim’s computers as bots (a chain of computers which can be controlled simultaneously) to send millions of spam emails or use them as proxies to cover the tracks of the original IP address.

Connectivity:

All these guys who are experts in different kinds of fraud meet at a common place like an underground forum which is not accessible to law enforcement agencies or common public. They also meet in private IRC chat rooms and messenger chat sessions to share their services, for a price of course.

Money Transactions:

These guys are located around the globe and they usually use e-currencies to transact.

Covering the tracks

One of the reasons why phishing and other cyber crimes are difficult to fight is because of the anonymity and fraudsters location around the globe. Since everything happens on cyber space there is no physical existence or evidence of the fraud. This makes them difficult to track.

Thanks to technology, fraudsters find ways to cover the IP address from which they are operating. They use proxy servers, socks chains, Virtual Private Network’s and dedicated servers to cover their IP addresses.

Infact things are so worse that the fraudster doesn’t have to be tech savvy to do all this. There are many websites that provide this kind of service. For those fraudsters who want to play it really safe they turn to underground sources where other fraudsters provide the service – “how to cover your IP address”.

Threat to e-commerce Industry

Life is not the same since the inception of internet and e-commerce. With a single click of your mouse you could be traveling thousands of cyber miles within fraction of a second. Transactions worth billions happen at a click of Mouse. People see their banks in their computers and have started doing their banking and credit card transactions via Web. People started to shop in the virtual world. Many super virtual stores carved their niche in this world.

Phishers have taken this as their sole point of existence - started infecting online users with scam emails, with key loggers and started monitoring their online information. This is nothing but Identity Theft. They also started creating scam pages that would look like a copybook of the authentic websites. Innocent and unsuspecting users visit these pages and provide sensitive/personal information like credit card information (CVV code/billing details), debit card information including PIN (Personal Identification Number), Banking Details like Logins, Account/Routing number, SSN (Social Security Number) and other sensitive information including passwords.

Amount worth billions of dollars is lost and no one is able trace them. In 2006 the amount of money lost in identity fraud is estimated to be $55.7 billion. Apart from the money that is lost in these transactions, the very reputation of the genuine organizations is at stake. It becomes so bad that unless you are cautious you never know who's watching your computer and where you're landing when you open up a web page.

Apart from innocent people, all credit card companies, banks and e-commerce companies are the victims of Phishers activities. All these frauds are a major threat to the e-commerce industry on the whole and unless this is stemmed from the root, the trust of users on making transaction over the internet will be lost.

---------- Post added at 11:44 ---------- Previous post was at 11:43 ----------

Fraudsters on the Internet don’t stop at installing key loggers and spy ware on your computer to ruin your day. They go a step further—they pry on your bank accounts, gather account information, and then use it like it’s their own. And how do they do it?

By Phishing (pronounced as “fishing”)

So what is phishing? You always admired how convenient it is for you to access your bank account online and transact. What if someone “else” could transact using that little piece of information in your head—your account password? Worse, what if you were to give it to a fraudster yourself without you knowing it? Before you dismiss that thought, let us tell you that they know of a way to make you do that.

How is it done?

Your bank’s website is where you’ll most always use your account details and password without worrying about it much. That’s secure alright, but if you were displayed a Web interface which so closely resembles that of your bank, you are subconsciously programmed to assume it to be your bank and provide your login details, which may include your account number, your credit card number, and a password. This is what the fraudster wants.

The fraudster uses a Web design and a URL which closely resembles that of your bank. The fraudster then sends emails at random, asking you to verify or update your account details along with a link embedded in the email. This is a URL to the fraudulent Web site made to look real with information and other details closely resembling the original. In the world of Internet fraud, this trick of sending emails to gather personal and banking information leading to identity theft is called phishing.

For example, a fraudster designs a website that very closely resembles that of your bank and hosts it at a URL, which is also similar to that of the bank (for example, your-ownbank.com instead of the original your-bank.com - Loans Resources and Information. This website is for sale!). The fraudster then sends emails (seem to be coming from legitimate sources) at random, asking you to verify or update your account details.

Here’s what the fraudster wishes will occur: you believe the “urgent” need to update your information and as mentioned in the email, you click on the link. The link takes you to the website the fraudster created (your-ownbank.com or www.fraudster-website.com/your-bank/login). You then enter your account details and password (sadly, it’s for the fraudster and not for your bank.). The fraudster would then see your account details and password in clear characters (encryption is his enemy, remember!). This is when your account becomes susceptible to use by the fraudster in any way as he pleases.

What is the impact?

Phishing has been around for a few years now and growing in strength. Once your account details are gathered, you are at the mercy of the fraudster as to how they would be used—withdrawals, transfers, checks, to name a few common usages.

What can you do to avoid it?

Here are some ways of Identity theft prevention and protection from internet fraud:

When you receive emails claiming to be sent by financial institution asking you to enter your account details, DO NOT do so! Your institution already has your details and clearly would not want them again.

Check if the email that you receive has your name spelt correctly. Fraudsters simply try to guess your name by your email address. DO NOT open emails that have your name spelt incorrectly.

Check the email to see if it is addressed to your name. Fraudsters never personalize emails, they will refer you as “Dear Customer” or “Dear Valued Customer” because they send emails randomly to a million email addresses and they even don’t know that you have an account with the bank. Your bank or e-commerce company on the other hand will refer you with your name.

DO NOT respond to emails that seem like they are sent from your bank. Some of the claims made in these emails may be the following:

The bank is trying to protect you from a fraud.

The bank needs some security and maintenance update on your account as asks for your account details.

You are to receive a refund.

You are to receive a prize

If you receive such email always check back with your back directly or speak to the customer service representative of the bank.

NEVER enter your credit card details and password in a website which you suspect is not genuine.

DO NOT share your account details, password, or credit card details with anyone who you do not know or trust.

DO NOT open unsolicited emails.

It is a good practice to type in the URL of your bank yourself, or bookmark it if the URL is difficult to remember. DO NOT follow links to a banking website from another website or email.

Verify a website’s URL carefully before you provide your login details on any web page. Fraudsters create fake websites that have URLs closely resembling the original.

Log in to your accounts regularly and look for account transactions that you do not recognize.

DO NOT send your account details and/or password over an email to anyone.

Check that the Internet connection you are using is secure. Look for the lock at the bottom or https (an‘s’ appended to ‘http’) in the address field of your browser. These indicate that the connection is a secure one.

Make sure that you have automatic updates / firewall turned on and regularly download the security patches if you are a windows user.

Sharing and Caring

The fight against phishing requires one crucial resource that is at your disposal—knowledge. You know what phishing is and what havoc it could cause to a novice Internet user. Therefore, please share information on this form of Internet fraud with your family and friends.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...