Every day when I walk into work I’m greeted by an avalanche of data on new malware and Internet scams. The numbers in the last few years have been staggering. And when you think about the people behind the numbers it can get quite sad—people who’ve had their computers taken over, been scammed, stolen from, and just plain abused by cyberthieves. It can get to you. A lot of days I don’t feel so good. Today I feel better. The FBI just announced they will arrest nearly 100 people involved in a phishing scheme.
The FBI calls it Operation Phish Fry. Operation Phish Fry means that someone in the FBI loves a bad pun. But the important thing is it means that a whole bunch of bad guys are going to jail. It’s not going to eliminate all phishing attacks (we detected 55,389 phishing Web site hosts in 2008 alone). But this latest move takes a lot of bad guys off the Internet and serves as a warning to others. Even those who think they are protected because they are overseas. Reports are that half the gang was in Egypt, but the Egyptian authorities are going after them too.
It’s so easy for a bad guy to put one of these scams together. They can buy email addresses, hire someone to send phishing spam out, and even buy a toolkit to run the whole thing. I can’t vouch for the intelligence of the people involved in this scam, but they didn’t have to be criminal masterminds to pull this all together, which is a point we've documented in our report on the underground economy.
And it’s easy for someone to fall for a phishing scheme. While the social engineering tricks are simple to put together, they can be very convincing. And in our daily lives, who hasn’t rushed through their email, not reading carefully, not thinking about the possible consequences of clicking on a link? I think our brains are programmed to click first and think later.
What’s been hard is catching the criminals involved in this stuff. So it was good news when the FBI made their announcement. Like we said in the last ISTR, cross-industry and cross-country cooperation is essential to getting a handle on this problem. In this case the bad guys were after bank account information and they drained the bank accounts of their victims. But that’s not the only thing you can get phished for. The bad guys also want your email account, your social networking login, and even online shopping accounts. They have ways to turn all this into money.
The FBI and other law enforcement agencies are doing their part, and you need to do yours as well. Avoid being a victim—protect yourself. Need an education on phishing and how to protect your information? Then check out this video: http://www.youtube.com/watch?v=Ao20tAS3x3I It will explain how phishing works and what you can do to protect yourself. It will only take a couple of minutes to watch, and afterwards you’ll feel better. I’ll feel better too.