Phishing (emails asking for credit card info)

Phishing involves those scam emails that try to lure us into turning over credit-card information to a website that, while designed to look like, say, eBay, actually belongs to a phisher. Understanding how they work might be helpful to prevent falling in that trap - Indira.

Phisher Tales: How Webs of Scammers Pull Off Internet Fraud

Explanations about the source of the Internet's phishing epidemic often involve exotic tales of Asian gangs or the Russian Mafia. It turns out, though, that your average phisher is much more likely to be someone like "C-Power," who is probably a teenager somewhere overseas with a computer in his bedroom and a lot of alarming friends in his buddy lists.

"I have...PayPal [and] eBay logins...I wanna trade," said C-Power in an Internet chat room last week, talking to anyone who would listen. "Serious traders [contact] me for a legit trade."

How long have you been trading, Mr. Power is asked.

"A long time," he replies.

The person talking to C-Power is Christopher Abad, a San Francisco researcher who has spent much of the last six months stalking the phisher underground.

Mr. Abad works for Cloudmark, a San Francisco company whose products combat phishing and other forms of spam. One day late last year, Mr. Abad was on the Internet Relay Channel, or IRC, a global online chat system that is best known as the lair of various digital bad guys.

He noticed a chat room titled "Washington Mutual," after a bank that has been a favorite of phishing scams. (Mr. Abad would discover why soon enough.) One thing led to another, and Mr. Abad found himself spending hours a day online, chatting with phishers and charting out their world.

The typical phisher, he discovered, isn't a movie-style villain but a Romanian teenager, albeit one who belongs to a social and economic infrastructure that is both remarkably sophisticated and utterly ragtag.

If, in the early days, phishing scams were one-person operations, they have since become so complicated that, just as with medicine or law, the labor has become specialized.

Phishers with different skills will trade with each other in IRC chat rooms, says Mr. Abad. Some might have access to computers around the world that have been hijacked, and can thus be used in connection with a phishing attack. Others might design realistic "scam pages," which are the actual emails that phishers send.

A phisher, just like his spammer cousin, sends out hundreds of thousands or even millions of emails, knowing that only a tiny fraction of the recipients will respond. These responses vary in quality; the best is a "full," which includes everything about the victim, such as name, account number, PIN and mother's maiden name.

But even if a phisher has a "full," the real work has yet to begin. The goal of most phishers is to use the information they glean to withdraw money from your bank account. Western Union is one way. Another is making a fake ATM card using a blank credit card and a special magnetic stripe reader/writer, which is easy to purchase online.

A phisher, though, may not have the wherewithal to do either of those. He might, for instance, be stuck in a small town where the Internet is his only connection to the outside world. In that case, he'll go into an IRC chat room and look for a "casher," someone who can do the dirty work of actually walking up to an ATM. Cashers, says Mr. Abad, usually take a cut of the proceeds and then wire the rest back to the phisher.

Certain chat rooms are thus full of cashers looking for work. "I cash out," advertised "CCPower" last week on an IRC channel that had 80 other people logged onto it. "Msg me for deal. 65% your share."

The average nonphisher might wonder what would prevent a casher from simply taking the money and running. It turns out, says Mr. Abad, that phishers have a reputation-monitoring system much like eBay's. If you rip someone off, your rating goes down. Not only that, phishers post nasty notices about you on IRC. "Sox and Bagzy are rippers," warned a message posted last week.

Phishers, not surprisingly, are savvy about their targets. For instance, it wasn't just a coincidence that Washington Mutual was a phisher favorite. Mr. Abad says it was widely known in the phishing underground that a flaw in the communications between the bank's ATM machines and its mainframe computers made it especially easy to manufacture fake Washington Mutual ATM cards. The bank fixed the problem a few months ago, Mr. Abad says, and the incidence of Washington Mutual-related phishing quickly plummeted. (A Washington Mutual spokesman confirms the account, but notes that the same vulnerability existed at some other banks as well.)

Mr. Abad himself is just 23 years old, but he has spent much of the past 10 years hanging out in IRC chat rooms, encountering all manner of hackers and other colorful characters. One thing that's different about phishers, he says, is how little they like to gab.

"Real hackers will engage in conversation," he says. "With phishers, it's a job."