[SWLUG] How I deal with Bank phishing
Steve Hill
steve at nexusuk.org
Wed Dec 14 17:12:27 UTC 2005
On Wed, 14 Dec 2005, Neil Jones wrote:
> Of course that is an obvious thing to do but these guys have got it
> worked so they get the info before they get shut down. They know they're
Getting them shut down reduces the amount of data they can collect - if they're
shut down within an hour of sending the spam they're going to get a lot less
data than if it's left running for days.
> going to get reported. Quite often anyway they are running sites with no
> domain name and only an IP address which is a bit more difficult to
> trace down with absolute certainty.
Actually, tracking down a machine when you know the IP is easier than tracking
down a machine when you only know the DNS name because DNS can be changed (and
indeed can point at multiple IPs). If you know the IP the ISP can easily
check to see which customer was allocated that IP at the time in question (or
for static IPs the same customer always gets the same IP).
> I don't know exactly how phishers access the money from the account
> details they get. I get the basic idea of course, but it is difficult to
Most phishing scams I've seen rip off a bank's web-banking login screen (so
they will be able to log into your web-banking account and transfer the money
out) or ask for credit card details (it's obvious what they can do with that).
Money laundering uses well-established methods that do work - set up a bunch of
bank accounts using fake IDs, spread them across a few continents and transfer
the money lots of times and suddenly it's way too difficult to follow the money
trail, especially if the money is split up and transferred in chunks to many
different accounts.
--
- Steve
xmpp:steve at nexusuk.org sip:steve at nexusuk.org http://www.nexusuk.org/
Servatis a periculum, servatis a maleficum - Whisper, Evanescence