Dhanjani: I clearly remember how we stumbled upon this information. We happened to be studying a simple server side script from a phishing kit. The script was part of a ready made site for a popular bank. All the script did was to take the information submitted by the victim an email it to the phisher at a particular email address. We noticed that the script put some static text in the subject line of the outgoing email in order to help the phisher identify the emails. We decided to Google for that particular string. The results completely stunned us. Social Security numbers, bank account numbers, dates of birth, ATM PINs, addresses, credentials to online banking accounts, all out in the open, a lot of which was collected from victims only a few hours ago. A simple Google search led us to a whole new world where phishers were trading this information in different languages around the world. This sort of exposure can ruin people's lives - yet it was right there, out in the open. It was quite unnerving.
Rios: Even phishers need to communicate! Many think that phishers are lone individuals who are anti-social sitting in a dark basement in some dark corner of the world. The reality is there are entire social networks dedicated to helping phishers communicate details on new scams, phishing kits, and to buy and sell identities. Many of these conversations occur on publicly accessible forums and websites, but the difficult part is knowing where to find these forums and sites. As everyone knows, search engines are great at crawling the most obscure sites on the Internet. Once we had an opportunity to see the source code of a few kits, we could key off of some key signatures, which resulted in our favorite searching engine leading us to forums where phishing scams were being discussed and web sites where identities were being bought and sold. Once we had access to these forums, we now have another set of key signatures (phisher aliases, handlers, more phishing kits, jargon, etc) to find even more forums and sites, which basically lead us into what seems like a never ending spiral of phishing and ID theft forums and sites.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.