01/15/2005: "What is Phishing?"
I am spending large chunks of my spare time learning about phishing. What is phishing? It is a type of social hacking where the victim is most often a consumer rather than a corporation. Currently, the most popular type of phishing is a fake bank solicitation to "update" user information.
Most phishing attacks are well-funded operations of international criminal groups. Phishing is probably the most brazen type of cyber crime: an attempt to gain access to your bank account and steal your money. A typical phishing operation requires a distribution channel, a collection channel, and a group of software engineers that finds a vulnerable server, hacks into it, and sets up a fake web site.
The distribution channel is a mail server that allows relaying of third-party email messages (an open relay). By using an open relay server, a criminal group can conceal its location on the internet, that is, its IP address.
The collection channel is a compromised server from a legitimate business. The server may or may not be used as the web server by the legitimate owners. Once the server is compromised, a fake bank web site is set up to collect user information. The collected data is used to withdraw funds from user accounts.
All of the phishing channels I have monitored have existed for a few minutes before being closed to avoid detection.
The key to a successful phishing operation is a development group. The group is responsible for monitoring hacker newsgroups and security web sites for new and existing server vulnerabilities and for breaking into a would-be collection server. Setting up a fake web site requires planning and lots of web development skills. Take a look at the code below: it hides the Internet Explorer address bar to make it look like the user is visiting the Washington Mutual web site:
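A defender-side check for the address-bar trick described above, as an added example that is not the code from the original post: it scans a page's script for `window.open` calls whose feature string leaves the pop-up without an address bar. It assumes the bar is hidden through the `window.open` feature string (the post does not say how); the function names and the sample markup are constructed for illustration.

```javascript
// Added example: flags window.open() calls whose feature string suppresses
// the address bar. Function names and sample markup are constructed.

// Values that legacy browsers treated as "feature off".
const OFF = new Set(["no", "0", "false"]);

// Parse "location=no,toolbar=0,width=400" into a Map of lower-cased pairs.
function parseFeatures(featureString) {
  const features = new Map();
  for (const part of featureString.split(",")) {
    const [key, value = "yes"] = part.split("=").map((s) => s.trim().toLowerCase());
    if (key) features.set(key, value);
  }
  return features;
}

// Classify one feature string: "explicit" (location switched off by name),
// "implicit" (features given but location omitted, which legacy browsers
// such as Internet Explorer also treated as off), or null (bar requested).
function addressBarStatus(featureString) {
  const features = parseFeatures(featureString);
  if (features.size === 0) return null; // empty string: browser defaults apply
  if (!features.has("location")) return "implicit";
  return OFF.has(features.get("location")) ? "explicit" : null;
}

// Find window.open(url, name, "features") calls with a literal third argument.
function findHiddenAddressBar(source) {
  const call = /window\.open\s*\(\s*[^,()]+,\s*[^,()]+,\s*(["'])(.*?)\1/g;
  const findings = [];
  for (const match of source.matchAll(call)) {
    const status = addressBarStatus(match[2]);
    if (status) findings.push({ features: match[2], status, index: match.index });
  }
  return findings;
}

// Constructed sample page (example.test is a placeholder host).
const SAMPLE = `
<script>
  window.open("http://example.test/login", "w1", "location=no,toolbar=no,status=no");
  window.open("http://example.test/help", "w2", "width=400,height=300");
  window.open("http://example.test/news", "w3", "location=yes,menubar=yes");
  window.open("http://example.test/plain", "w4");
</script>`;

console.log(findHiddenAddressBar(SAMPLE));
```

Current browsers show the origin in pop-up windows regardless of the feature string, so a hit today indicates old or copied kit code rather than a working disguise.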