Phishers Make Very Less Money, Claim Microsoft Researcher Duo
Two researchers at Microsoft, Dinei Florencio and Cormac Herley, conducted a research wherein they found that phishers make very less or almost no money.
With this research, they have challenged the conventional theory that says phishers make easy money if online crime is analyzed in economic terms. They further stated that every phisher wants to optimize his returns and under such situation, "over-grazing" is bound to occur. More and more people are going into online criminal activities with an intention of making easy money, which is nothing but an illusion. Moreover, with rising number of phishing attacks, it is likely that prospective marks will become clearer.
They also put a question on surveys of phishing losses and indicated that phishing rate in majority of surveys is very low compared to margin of error. Moreover, the monetary loss in terms of dollar is overestimated by considering the average losses against small number of reporting victims. Median loss could be a right method to get better results of surveys.
Considering the results of other studies, both the Microsoft researchers revealed that nearly 0.37% web users give their personal information in reaction to phishing campaigns every year. Less than half of the total victims of phishing attacks suffer from financial losses because frauds are either blocked or detected before any untoward incident. Sometimes phishing servers are blocked before stolen information is used or online accounts do not have any money to be looted are some of the reasons for low success of phishing attacks.
According to security experts, the study does not provide any information on how money is divided after success of the attack. It is possible that a large network of phishers running high number of scams make great deal of money in small time period and phishing mules are putting in their efforts with no gains. After analyzing estimated figures of 113,000 different phishers, the duo concluded that an average phisher gets hundreds of dollars and not thousands of dollars.
Related article: Phishers Expand Their Sphere of Attacks
» SPAMfighter News - 29-11-2008