Don't get that bait, phishing
Internet crime often starts with phishing, the practice of sending out reams of cleverly worded email to try and dupe users into revealing bank account or log-in credentials via a fraudulent Web site, says a security expert. “The Web is under attack,” says Phillip Hallam-Baker, principal scientist at VeriSign Inc, who gave a session Thursday on Internet crime at the W3C (World Wide Web) conference in Edinburgh, Scotland, this week. Phishers send e-mail that say users’ account information has expired or needs updating. The e-mail includes links to a site that may look very similar to their bank Web site, but isn’t. Once those credentials are obtained, criminals use the information in a variety of creative and costly scams.
The tools to commit e-crime are for sale on the Internet. Mounting an attack on millions of Internet users can be done for a little as Rs 13,500 ($300), Hallam-Baker said. Networks of computers under the control of hackers, called botnets, can be rented to send spam. Also for sale are lists of up to 100 million e-mail addresses.
Hallam-Baker said one Russian hacker will create a custom rootkit—a method to hide a piece of malicious software deep in a computer’s operating system—for about Rs 2,700 ($60).