Phishers, hackers and insiders |
 |
By Lance James
23 Mar 2006 | SearchExchange.com |
|
|
For the high-quality, high-volume approach to be fast and efficient, many phishers incorporate hacking to steal information. To phishers, of course, this information is not about the emails only, since any confidential information they can get their hands can be gold to them. More and more e-commerce sites are being targeted by hackers who want to gain access to email addresses, credit card numbers, mailing addresses, and any other personal information regarding consumers. With both the rising threat of "insiders" along with public awareness of all the phishing attacks they read about in the news, the real threat is how much is not actually discovered or reported.
In June 2004, an AOL employee was arrested for stealing the company's entire subscribers list and selling it to spammers (http://money.cnn.com/
2004/06/23/technology/aol_spam/). That list contained over 30 million users' email addresses and 90 million screen names. A 21-year-old was arrested for having access to T-Mobile's 16 million subscriber database (http://news.
com.com/T-Mobile+Hacker+had+limited+access/2100-7349_3-5534323.html), and shortly after his conviction, celebrity Paris Hilton's Sidekick data was posted publicly on the Internet by an unknown hacking group (www.drudgereport.com/flash3ph.htm).
The real concern is that the access people like these
have could be potentially worse than targeting celebrity information;
we know that one person had access to the database,
but how many others might have access? This would include
16 million high-quality email addresses, not to mention
a lot of private information regarding customers.
It has been observed that even some banks have had
insiders who might have had access to not only internal
banking procedures but also personal customer
financial information. This type of information is worth
a lot of money to the right people, since elements
of the information could be sold to different types of buyers.
Coupled with the already overwhelming existence of
phishing attacks, the last thing a bank needs is to have
a "mole" on the inside assisting phishers for profit.
10 tips in 10 minutes: Phishing exposed
 Home: Introduction
Tip 1: Email basics for Exchange admins
Tip 2: Understanding email delivery
Tip 3: Anonymous phishing email
Tip 4: How phishers forge email headers
Tip 5: Phishers use of open relays and proxy servers
Tip 6: How phishers send anonymous email
Tip 7: Phishers techniques for email harvesting
Tip 8: Phishers, hackers and insiders
Tip 9: Sending spam; phishing tools of the trade
Tip 10: Phishing email and spam filters
This chapter excerpt from Phishing Exposed, Lance James, is printed with permission from Syngress Publishing, Copyright 2005. Click here for the chapter download.
|
|
|
|
