Phishers, hackers and insiders |
 |
By Lance James
23 Mar 2006 | SearchDomino.com |
|
|
The following is tip #8 from "Phishing exposed -- 10 tips in 10 minutes," excerpted from Chapter 3 of the book Phishing Exposed, published by Syngress Publishing.
For the high-quality, high-volume approach to be fast and efficient, many phishers incorporate hacking to steal information. To phishers, of course, this information is not about the emails only, since any confidential information they can get their hands can be gold to them. More and more e-commerce sites are being targeted by hackers who want to gain access to email addresses, credit card numbers, mailing addresses, and any other personal information regarding consumers. With both the rising threat of "insiders" along with public awareness of all the phishing attacks they read about in the news, the real threat is how much is not actually discovered or reported.
In June 2004, an AOL employee was arrested for stealing the company's entire subscribers list and selling it to spammers (http://money.cnn.com/
2004/06/23/technology/aol_spam/). That list contained over 30 million users' email addresses and 90 million screen names. A 21-year-old was arrested for having access to T-Mobile's 16 million subscriber database (http://news.
com.com/T-Mobile+Hacker+had+limited+access/2100-7349_3-5534323.html), and shortly after his conviction, celebrity Paris Hilton's Sidekick data was posted publicly on the Internet by an unknown hacking group (www.drudgereport.com/flash3ph.htm).
The real concern is that the access people like these
have could be potentially worse than targeting celebrity information;
we know that one person had access to the database,
but how many others might have access? This would include
16 million high-quality email addresses, not to mention
a lot of private information regarding customers.
It has been observed that even some banks have had
insiders who might have had access to not only internal
banking procedures but also personal customer
financial information. This type of information is worth
a lot of money to the right people, since elements
of the information could be sold to different types of buyers.
Coupled with the already overwhelming existence of
phishing attacks, the last thing a bank needs is to have
a "mole" on the inside assisting phishers for profit.
Phishing exposed -- 10 tips in 10 minutes
 Home: Introduction
Tip 1: Phishing and email basics
Tip 2: Phishing and the mail delivery process
Tip 3: Anonymous email and phishing
Tip 4: Forging headers and phishing
Tip 5: Open relays, proxy servers and phishing
Tip 6: Proxy chaining, onion routing, mixnets and phishing
Tip 7: Harvesting email addresses and phishing
Tip 8: Phishers, hackers and insiders
Tip 9: Sending spam and phishing
Tip 10: Fighting phishing with spam filters
This chapter excerpt from Phishing Exposed, Lance James, is printed with permission from Syngress Publishing, Copyright 2005. Click here for the chapter download.
|
|
|
|
