The Economics of Phishing

Years ago, phishing used to be like fishing at least in respect to the preparation and the patience required for the fisherman to catch something. Nowadays, phishing is like fishing with dynamite, very effective and entirely efficiency centered. After discussing the economics of spamming -- within the posts's comments -- I emphasized on the fact that both the underground's economy supply of goods and the phishing ecosystem, are entirely based on the cooperating among spammers, phishers and malware authors, and so is the rise of the DIY phishing kits. I recently came across a very good analysis conducted by Cloudmark with a huge sample of phishing emails to draw conclusions out of. The Economy of Phishing - A Survey of the Operations of the Phishing Market :

"We have conducted extensive research to uncover phishing networks. The result is detailed analysis from 3,900,000 phishing e–mails, 220,000 messages collected from 13 key phishing–related chat rooms, 13,000 chat rooms and 48,000 users, which were spidered across six chat networks and 4,400 compromised hosts used in botnets."

The research once again demonstrates the diversity of phishing techniques used, and covers the following segments - Webservers used in phishing attacks; Institutions by advertising rate; Institutions by report rate, and perhaps the most interesting part is an IRC visualization of underground social networks for trading of stolen digital goods.

Furthermore, it's great to note that it's not just vendors actively researching the average time a phishing site remains online, but also, third-party researchers such as Richard Clayton and Tyler Moore at the Security Research Computer Laboratory, University of Cambridge with some recently released research notes. It's one thing to consider the daily reality of malware and phishing pages hosted on infected home users' PCs, another to see malicious parties offering fast-flux networks on demand while vendors are figuring out how to timely shut down the pages, but totally out of the blue to see such a party -- the always on malicious service is ironically down -- offering phishing hosting and spam sending in between child porn and zoofilia hosting.