Professional Documents
Culture Documents
Mary John
66.165.106.111 Tim
Tomas
Frank
Evan
61.152.175.161
152.146.187.172
Jan George
Ramona
Phil
Charlie
Elisa
161.58.214.148
Herman Dom
210.114.175.226
June
Scott
Lana
195.75.241.4 Luann
Vadim
Andy
Tonia Venkat
212.250.162.8
Chao 211.23.187.151
Joe Oliver
Phishing Steps
•6)Collect
–Example:
•2,000,000 emails sent
•5% get to a real end user – 100,000
•5% click on the link – 5,000
•2% enter data into the site – 100
•Average of $1,200 per incident or $120,000
•Not bad for about 14 hours!!
Phishing Gangs
•David Levi – UK
–6 people
–$360,000 from 160 people
–Arrested in 2006
•USA and Egypt Gang
–100 people
–Egypt created websites and emails
–US side laundered the money
•Romanian Gang
–70 people
–$1,000,000 transferred from bank account to western
union
– Arrested May 2010
Phishing Gangs
•Largest current gang is Avalanche
–2/3 of all phishing comes from this gang
–4,272 attacks in the first quart of 2010
–1,624 domains are theirs
–They have had a sudden decrease in email
phishing and have instead switched to malware
phishing
Phishing Gangs Infrastructure
•Not just a individual
–Creative department
•Create email, website
•Come up with DNS names
–Admin department
•Pay role
•Office space rent
•President, etc…
–Money Launderer (Mule)
Money Laundering (the Mule)
•People create accounts on banks they are
about to attack.
–Transfer the stolen account/id from one account
to the other.
–Cash out.
–Close the account
•“Make money at home”
–Dad has money sent to his bank account
–Dad then wires the money to another bank
–Dad get 10%
–Small amounts are transacted ~$3-5K
Money Laundering (the Mule)
•“Financial Operations Manager” job
•“Help young cancer patient transfer funds”
•“African finance minister”
•…
Phishing Ecosystem
Construct Launch Collect
• Account Info
• Credit Info
Email Email & Sending Hosting • Identity Info
Phishing Kit
list Web site Machines Sites • Logins &
Passwords