We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Identities for sale for just 25p

Phishing kits rampant, according to Symantec

Symantec has today unveiled the results of its latest Internet Threat Report, revealing a 53 percent rise in the number of phishing messages January and June 2007.

According to Con Mallon, Symantec's product marketing manager, consumer division, there is now a sophisticated underground economy that trades in phishing kits and stolen identities.

While not quite as straightforward or transparent as an online sales site such as Amazon or eBay, an established underground economy is doing a brisk trade in personal information and readymade phishing kits that can be used to spoof websites with the express purpose of 'phishing' for visitors' personal details. The security firm said cyber criminals selling such information via forms of pyramid schemes can earn around £4,500 a week.

Other kits can be used to target email addresses. In both cases, buyers are using them primarily for financial gain.

The trend towards such a "commercialisation of threats" means that phishing attempts and other exploits are no longer solely the domain of those with the technical skills to write the necessary code; instead, for just a few pounds, other companies can buy readymade kits off the shelf.

If you know where to look and spend some time building up your credibility on the relevant underground web forums, buying such kits is relatively easy. Symantec's Mallon says it's a matter of who you know online, rather than seeking out such underground sites using traditional search tools.

Symantec's Internet Security Threat Report found that credit cards were the most popular item advertised, accounting for 22 percent of all goods for sale on underground economy servers. The US is the top host of such underground economy servers, accounting for 64 percent of those known to Symantec. Germany and Sweden were the next most common countries where such servers were found.

Credit cards were sold from as little as 25p and for a maximum of £2.47 while complete bank account details - at 21 percent, the second-most common type of detail sold - cost from anywhere between £15 and £198.
Symantec found email passwords being traded from 50p and complete identities starting at £5.

The US was also the most common country from which ID theft and phishing attacks were launched, with a quarter of all attacks originating from there. China was next, originating 13 percent of phishing attacks. The UK was joint fifth with Spain, both of which accounted for five percent of attacks. Part of the reason so many attacks come from the US and the UK, said Mallon, is the popularity of the English language, making other English speaking websites and web users natural targets.

Mallon said Symantec is not at liberty to disclose how it knows of particular sites where identities are traded and phishing kits sold but said that its six-month survey detected 2.3 billion phishing messages using "a number of techniques".

Rather than explicit tools to track such attempts, the security company said it uses a range of tools and software to identify phishing messages. There are not telltale signs, but volume of traffic is a good indicator.
Another clue is in the IP (internet protocol) address: 86 percent of all phishing websites reported to Symantec were hosted on 30 percent of phishing IP addresses - something that led the company to conclude that off the peg toolkits were being used more and more. The three most widely used toolkits were responsible for 42 percent of all phishing attacks Symantec identified.

IDG UK Sites

Windows 10 for phones UK release date, price and new features: When will my phone get Windows 10?

IDG UK Sites

It's World Backup Day 2015! Don't wait another minute: back up now

IDG UK Sites

How Lightroom works: Where are my photos and how do I back up?

IDG UK Sites

New 13-inch Retina MacBook Pro (early 2015, 2.7GHz) review: Just about the greatest upgrade any...