Attacks/Breaches
1/23/2009
04:52 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Phishing Doesn't Pay, Microsoft Finds

Lured by bad math and get-rich-quick pipe dreams into a life of cybercrime, those phishing for dollars confront a problem not unlike that faced by traditional anglers: too few fish in the sea.

Phishing doesn't pay very well and tends to attract low-skill hackers who themselves become victims.

So say two Microsoft researchers, Cormac Herley and Dinei Florencio, in their recently published paper, "A Profitless Endeavor: Phishing As Tragedy Of The Commons."

"Far from being an easy money proposition we claim that phishing is a low-skill, low-reward business, where the average phisher makes about as much as if he did something legal with his time," the paper says.

Part of the blame for this sorry state of affairs can be laid at the feet of exaggerated phishing loss estimates. "We estimate that recent public estimates overstate phishing losses by as much as a factor of 50," the paper explains.

Who might be to blame for such inflation? Try the media, which finds big dangers more compelling than little ones, and the security industry, which can't sell goods or services in the absence of a clear and present danger.

Lured by bad math and get-rich-quick pipe dreams into a life of cybercrime, those phishing for dollars confront a problem not unlike that faced by traditional anglers: too few fish in the sea. The result is what's known as the tragedy of the commons, wherein a limited resource becomes depleted when self-interest supersedes group interest.

"The easier phishing gets, the worse the economic picture for phishers," the paper says. "As phishers put more and more effort into the endeavor the total revenue falls rather than rises." Based on that finding, Herley and Florencio conclude that increased phishing volume indicates a decrease in total revenue, as phishers compete to capture the limited pool of phishing money.

Phishing appears to operate like every gold rush: The ones making money are the ones selling tools to starry-eyed prospectors, or servers to Web 2.0 startups.

As the paper's authors put it, "Indeed, one explanation of the thriving trade in phishing-related services ... is that phishers with more experience prey upon those with less. That is, those who have tried phishing and found it unprofitable or marginally profitable find it better to sell services to those who haven't reached that conclusion yet."

This supposition is supported by a paper presented last year at the Usenix Conference, "There Is No Free Phish: An Analysis Of 'Free' And Live Phishing Kits." It found that the big phishers -- the authors of phishing kits -- preyed on the little phishers who used their phishing kits.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0235
Published: 2015-01-28
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

CVE-2015-1375
Published: 2015-01-28
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

CVE-2015-1376
Published: 2015-01-28
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.

CVE-2015-1419
Published: 2015-01-28
Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

CVE-2014-5211
Published: 2015-01-27
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If youíre a security professional, youíve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.