The evolution of phishing schemes

Article by LABC

Phishing is a potentially devastating threat to the personal lives of those it affects.

The first cases of phishing attacks were observed in the mid-1990s, targeting America Online (AOL). Instant messages or e-mails convinced users to reveal their AOL passwords. With this information, the criminals took control of the victim’s AOL account.

AOL set up effective measures against phishing, but the potential of the criminal method had been revealed and phishing was extended to other organisations.

At this stage, the phishers were still operating at an amateur level. Scam e-mails were easily distinguished by a concentration of grammatical errors, just as the landing websites attracted attention through inaccuracies of various kinds.

Less observant victims did not notice these warning signs and revealed passwords, credit card numbers and other sensitive data. The more careful ones trained themselves to find errors and differences from authentic sites, but this often made them overconfident in their ability to avoid traps.

Phishers become professionals

It was commonly believed that a site with impeccable grammar and spelling had to be authentic. This was a big misconception.

Phishers have become professionals. They work with kits that include Web pages and e-mails copied from the originals.

Web pages have become more and more accurate copies of sites and phishing e-mails are well written and manage to evade spam filters.

The profile of a phisher has changed. Originally the phisher was a teenager planning pranks in the basement of his house; phishers now operate in well-organised groups with financial objectives.

Who are they?

They are always looking for ways to maximise their profitability and operate mainly during the week rather than at the weekend.

Much of the production process is outsourced: a phisher may also ‘rent’ a compromised web server for phishing pages; outsource the sending of phishing e-mails to a third party on another compromised system; and purchase a list of e-mail addresses of potential victims to attack.

How do they work?

After a phisher obtains credit card numbers and other credentials from victims, the phisher sells the information.

These underground markets have been active for some time. Some groups in these underground channels have developed a reputation in the criminal environment.