Article

Phishers, hackers and insiders

Lance James

    Requires Free Membership to View

You are reading tip #8 from "10 tips in 10 minutes: Phishing exposed," excerpted from Chapter 3 of the book Phishing Exposed, published by Syngress Publishing.

For the high-quality, high-volume approach to be fast and efficient, many phishers incorporate hacking to steal information. To phishers, of course, this information is not about the emails only, since any confidential information they can get their hands can be gold to them. More and more e-commerce sites are being targeted by hackers who want to gain access to email addresses, credit card numbers, mailing addresses, and any other personal information regarding consumers. With both the rising threat of "insiders" along with public awareness of all the phishing attacks they read about in the news, the real threat is how much is not actually discovered or reported.

In June 2004, an AOL employee was arrested for stealing the company's entire subscribers list and selling it to spammers (http://money.cnn.com/ 2004/06/23/technology/aol_spam/). That list contained over 30 million users' email addresses and 90 million screen names. A 21-year-old was arrested for having access to T-Mobile's 16 million subscriber database (http://news. com.com/T-Mobile+Hacker+had+limited+access/2100-7349_3-5534323.html), and shortly after his conviction, celebrity Paris Hilton's Sidekick data was posted publicly on the Internet by an unknown hacking group (www.drudgereport.com/flash3ph.htm).

The real concern is that the access people like these have could be potentially worse than targeting celebrity information; we know that one person had access to the database, but how many others might have access? This would include 16 million high-quality email addresses, not to mention a lot of private information regarding customers.

It has been observed that even some banks have had insiders who might have had access to not only internal banking procedures but also personal customer financial information. This type of information is worth a lot of money to the right people, since elements of the information could be sold to different types of buyers. Coupled with the already overwhelming existence of phishing attacks, the last thing a bank needs is to have a "mole" on the inside assisting phishers for profit.


10 tips in 10 minutes: Phishing exposed

 Home: Introduction
 Tip 1: Email basics for Exchange admins
 Tip 2: Understanding email delivery
 Tip 3: Anonymous phishing email
 Tip 4: How phishers forge email headers
 Tip 5: Phishers use of open relays and proxy servers
 Tip 6: How phishers send anonymous email
 Tip 7: Phishers techniques for email harvesting
 Tip 8: Phishers, hackers and insiders
 Tip 9: Sending spam; phishing tools of the trade
 Tip 10: Phishing email and spam filters

This chapter excerpt from Phishing Exposed, Lance James, is printed with permission from Syngress Publishing, Copyright 2005. Click here for the chapter download.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: