Phishing: The Devil's in the mail

Article published on March 20, 2006

This article has not been vetted by an editor at Paris HQ

With the help of fraudulent emails, phishing gangs use the internet to lift account details. Many cyber thieves come from former Eastern bloc countries, but these states lack the technical resources to stop them.

“Dear customer. We are pleased to announce that online transfers with our bank have become more secure!” This is how a classic phishing email begins. The recipient is then asked to submit personal data – name, account number and PIN – via the falsified website of a credit institution. If these instructions are followed, the user will soon find their bank account cleared out. The phishers have struck.

Young, highly qualified, well-organised

Phishers seek to build trust with official-looking emails that use established company or brand names. Phisher ‘favourites’ are organisations with a global reach such as eBay or Citibank.

Phishers are mainly young and highly qualified. Some cyber gangs count over 4,000 members, and many are organised in a strict hierarchy. They establish cross-border markets via the internet and prefer to handle their money transfers through the uncomplicated payment systems ‘e-gold’ in the Caribbean or ‘WMR’ in Moscow.

Cyber thieves often originate from countries with low living standards. Christoph Fischer, an IT security consultant from Karlsruhe, points to the many ‘outstandingly educated’ programmers from the former USSR who became unemployed after the collapse of communism. “Many black sheep of the sector are found in Belarus, the Ukraine, the Baltic, but also in Romania and Kosovo,” according to Fischer. “For a handful of euros, their integrity is left outside and they offer themselves as IT mercenaries.”

Designer clothing and luxury underwear

As the example of Bulgaria illustrates, the authorities in these countries have problems controlling the phishers. At the beginning of February 2006, the Bulgarian parliament’s Committee for Children, Youth and Sport sat in Sofia. There, the IT security expert, Javor Kolev, from the Bulgarian National Services to Combat Organized Crime (NUCOC) emphasised that, “when a phishing website goes online, we will receive a signal and immediately block it – within the following five minutes.”

This method has apparently functioned anything but smoothly. The announcement had been made only a couple of days earlier when NSCOC arrested eight young men and women on charges of phishing and credit card misuse. The young Bulgarian group was apparently part of a bigger international fraud ring. It had replicated the online payment system of Microsoft and stolen American credit card data. The phishing website must have been online for considerably longer than five minutes, as the criminals had enough time to procure sufficient amounts of data. Afterwards, they ordered designer clothes, luxury underwear and software from strangers’ credit card accounts to the value of more than 50,000 euros.

Compared with the worldwide scale of fraud cases, 50,000 dollars is almost peanuts. In the USA alone, losses from phishing attacks amounted to 2.75 billion dollars in 2005, according to the US marketing institute Gartner.

The technical resources of security officials in the phishers’ home countries are often poor, and their justice systems have major loopholes. During his statement to the committee, Javor Kolev emphasised that NUCOC does not have a DSL internet connection and that its system administrators have no knowledge of Linux or Unix, despite these being the most favoured operating systems on the phisher scene.

Distrustful Europeans

The phishers are constantly renewing their methods to lift the data of email users. “Phishers play a sophisticated game with the fears of the user,” stresses Günther Ennen from the Federal Office for Information Security (BSI) in Bonn. “There are particular keywords – such as ‘bird flu’ currently – that cause email receivers to switch off their sense of reason and reflexively open their mail.” The email “You have purchased tickets for the World Cup!” should be deleted if tickets have not previously been ordered. According to the BSI, the warning signs of phishing are emails that are impersonal, prioritised as ‘urgent’, contain threats or grammatical errors, or demand the entry of personal data.

In the meantime, however, cyber thieves have discovered a new means to steal data. “Phishing emails were yesterday,” says Christoph Fischer. “Trojan programmes today rob not only data from credit cards and bank accounts, but everything that is typed into the keyboard of a PC, an entire identity.” The developers of anti-virus programmes cannot keep up with the constant stream of new viruses, trojans and malware. Fischer says that 30 to 40 new trojans appear worldwide every day.

An end to data phishing is not in sight. In 2005, such attacks doubled in comparison to the previous year. As far as Europe is concerned, Christoph Fischer is confident. The online payment systems in Europe are more secure than those in the USA, and Europeans are on the whole more distrustful when they receive unknown emails.