Phishing as a day-job

A single person in Nigeria is responsible for creating 1,100 phishing sites, as reported by Phishlabs after clever experiment that allowed them to monitor the use of phishing toolkits in the wild. The fraudster set up two to three phishing sites a week.

Meanwhile, the Anti-Phishing working group attributes two thirds of phishing attacks to a gang called "Avalanche."

About a year and a half ago, investigators at Charleston, S.C. based PhishLabs found that one particular backdoor that showed up time and again in phishing attacks referenced an image at a domain name that was about to expire. When that domain finally came up for grabs, PhishLabs registered it, hoping that they could use it to keep tabs on new phishing sites being set up with the same kit…

PhishLabs determined that most of the phishing sites were likely set up by a single person — a man in Lagos, Nigeria that PhishLabs estimates was responsible for about 1,100 of the phishing sites the company tracked over the 15 month experiment.

"This guy was setting up two to three new phishing sites each day," Phishlabs founder and president John LaCour said. "If you accept conservative estimates, that this guy is stealing about 10 [sets of] banking credentials per phish, and that conservatively each of these stolen credentials causes $500 in losses, we're talking about more than $4 million a year he's probably making."

When PhishLabs plotted the guy's daily online activity, the resulting graph displayed like a bell curve showing the sort of hourly workload you'd typically see in a regular 9-5 job, LaCour said. "In the middle of the day he's super busy, and in the mornings and evenings he's not. So this is very much his day job."

Teach a Man to Phish…