Hackers and cyber criminals constantly change up their methods to catch unsuspecting victims in new ways, which can make stopping them a challenge. A Moroccan group of hackers named Mr. Brain recently turned the tables on its own by creating a program to target aspiring Internet scammers. As potential cyber criminals set up fraudulent Web sites to steal from consumers, they’re unknowingly sending their intended victims’ sensitive information back to Mr. Brain headquarters, allowing the novices to essentially do the work for them.
Paul Wood, senior analyst at MessageLabs, commented on how the process of more experienced hackers targeting amateur phishers has evolved.
“The way threats evolve in an Internet environment is that highly specialized individuals or groups who have access to the vulnerabilities around particular applications develop tools to target them,” he said. “That requires some specialist knowledge, especially programming skills.”
According to Wood, as these specialists commoditize their phishing knowledge into more user-friendly tool kits, the number of attacks has increased greatly during the past few years.
“We saw the phishing numbers increase in 2007, not only in volume but also in terms of the proportion of attacks made up of phishing attacks compared to malware viruses,” Wood said. “Certainly, the vast majority of bad things intercepted at MessageLabs are phishing attacks. In January of this year, one in 147 e-mails contained some kind of phishing attack, and the reason it’s gone up is because people are now using these tool kits.”
By lowering the barrier of entry of those wishing to run a phishing scam, Wood said, it becomes infinitely easier for the real specialists, such as those at Mr. Brain, to run more scams and run them more confidentially. Less experienced cyber criminals are “almost being used as mules by the criminal fraternity because it reduces the level of risk by finding someone else to actually implement the attack and then they can skim off some of the proceeds.”