It’s easy to understand the recipient’s anger. Receiving a phish whether on the phone or through email can seem like a personal invasion. They’ve got your number. They know where you bank. They know that you use e-Bay. Or do they?
The whole reason these scams fall into the phishing category is because like actual fishermen, phishers throw out a lot of bait in hopes of making even just one catch. They don’t really know where you specifically conduct financial business, but there making a pretty good guess.
Phishing scams can be documented as early as 1996. Back in 2003, Internet access provider Earthlink became so angry over phish scams sent in their name that they went on a manhunt. What they found was a bunch of kids in Eastern Europe and Asia. Today it’s not uncommon for more than 250,000 phishing attempts to be sent in one day against any one financial institution. But it’s not just bored teenagers anymore. Phishing has become a complex organized crime. According to a report by Cloudmark, Inc. “Phishing does not occur in isolation, but rather, operates within a complex network. In fact, individuals involved in phishing do not typically understand how to orchestrate an entire phishing attack.”
This flow chart (you can click to enlarge) created by Cloudmark shows the various steps in creating a single phish scam. The individuals involved in each component probably don’t all know each other they are just performing their task.
The recipient lists can be acquired in numerous ways. One way is to just randomly generate email names with common provider extensions. Another is purchase lists via the black market. It isn’t unusual for one individual to receive phish scams from several financial institutions within a few days. Remember, their phishing to get the right bait.
masked woman by greendragonflygirl
No comments:
Post a Comment