There is No Money in Phishing (But It Still Won’t Go Away)
Posted by admin, under General, Information, News, Technology
Phishing, the highly illegal scam of tricking people into revealing their logins and passwords by creating fake emails, Twitter messages, and/or websites, does not actually make phishers a lot of money. A new paper (PDF) by Cormac Herley and Dinei Florencio from Microsoft Research argues that the basic laws of economics still apply to phishing. As phishing becomes easier, and as 'phishing kits' are being sold for less than $100, the actual income for each individual phisher has to come down. Phishing has become a "low-skill, low-reward business."
While, as the authors point out, the media has portrayed phishing as an easy (and illegal) way to make money, the reality is that too many phishers have joined the fray and that the income per phisher has been greatly depressed because of this.
Phishers typically sell the logins and passwords they have harvested through their scams to other criminals online, who can then easily commit identity theft.
Losses from Phishing Have Been Exaggerated
The authors also argue that the economic losses from phishing have been greatly overstated. Herley and Florencio argue that the numbers don't 'survive basic sanity checks,' yet are widely quoted. At the same time, these mythical numbers lead more phishers into the business, which then depresses the per person income even more. According to PayPal's chief information security officer Michael Barrett, phishing "is not even in the top five threats" that could cause losses at PayPal.

Why Phishing Will Continue
The paper, however, also points out that this lack of revenue does not mean the end of phishing. Phishers, the authors argue, are not necessarily making rational economic decisions. Instead, their vision is clouded by by hopes of 'hitting the jackpot' (even when revenue is going down), and a constant barrage of reports of 'easy money' that will lead phishers to believe that revenue will go up again. Also, because phishing is generally considered to be very 'easy,' a constant stream of newcomers will replace the retired phishermen. The authors note that this cycle can only be broken through providing better information about the economic reality of the phishing business to potential phishers.
(hat tip to Steve Ragan at the Tech Herald)
CC-licensed image courtesy of Flickr user ToastyKen
Discuss
Our favorite URL shortening service,
Opera plans to unveil a new version of its SDK today that will allow Opera's partners to create a more uniform browsing experience across multiple devices and platforms. The new version of the
The new version of the SDK also includes Opera's new hardware-accelerated zooming capability for devices with small screens. While not as elegant or intuitive as Apple's multi-touch gestures, Opera Zoom, which saw its debut on the Nintendo Wii, does work quite well.
Searching by terms is great. But some things are just easier to find when you can actually look at them - especially if you tend to be more visually oriented. Book dust jackets, album covers, and product packaging, for example, tend to register with some people far more easily than names. And, then of course, there's video. When you're looking for a video, you're likely looking for that video. So, wouldn't it be great if you could quickly scan thumbnails to find that YouTube video you were seeking? Now, you can with
Commenting on blogs is - by and large - broken. Designed with the hope of proffering interaction among bloggers and readers, commenting has generally devolved into a series of one-off responses with little actual conversation. Why? It's not designed to facilitate conversations. That's why you see any number of people -
In what appears to us to be a new addition to many Google search results pages, queries about birth dates, family connections and other information are now being responded to with explicitly semantic structured information. Who is Bill Clinton's wife? What's the capital city of Oregon? What is Britney Spears' mother's name? The answers to these and other factual questions are now displayed above natural search results in Google and the information is structured in the traditional subject-predicate-object format, or "triples," of semantic web parlance.


A 


While today's Apple Keynote was
The application has most of the features you would expect from a full-featured online meeting client on the desktop. Users can view the shared content, see a list of participants, and chat with other attendees.