Analysing phishing white noise
Phishing is a big problem, and it grows in both volume and sophistication. Nothing new. The sky is falling. You've been warned.
There's one thing that was bothering me for a while: why the absolute majority (at least four out of five) of the phish that I receive in my personal mailbox appears to be from Fifth Third Bank, an American financial institution?
There's only one logical explanation of that: stupidity of the perpetrators.
This is what happens: they become a part of a illegal get-rich-quick scheme. They pay money to people who claim fortune from phishing and ready to share the technique for a small fee. They receive a kit that contains a ready to use phishing Web site (the Fifth Third bank) and the instruction. They use it as is, without modifications. They have not much luck phishing, and they start to resell the kit.
Cybercrime underworld isn't much different from the traditional criminal worlds. It's full of deception. Go to any hangout of the cybercriminals (i.e. www.carder.info) and you'll observe a toxic place with a bunch of sad liars who try to get a buck from each other and aspiring criminals as much as they want to defraud naïve Internet users.
And financial outcome of phishing won't be that great. In Freakonomics, Steven D. Levitt and Stephen J. Dubner ask a question - why do drug dealers still live with their moms? - and give the answer. Phishers are officially into the high tech crime, but the outcome won't be much different. The phishing white noise is the proof.