Phishing Despite its Advancement is Low Paying Business

Microsoft Research, in a new report published recently, goes deep into the study of online phishing. Researchers, Dinei Florencio and Cormac Herley, who compiled the report showed how phishing gets more sophisticated, automated and widespread. The conventional belief that phishing is not lucrative is no longer valid.

The report summarizes certain stories that have been well known in the past like the "Interview with a Phisher" that talks about a teenager who took on phishing because of boredom and discovered that it was quite easy. The teenager even reported that he earned revenue of more than $4,000 each day by stealing about 20 Million identities. Thus, the story supports the idea that phishing frauds can be easily orchestrated that can also yield large sums of profit.

The report's authors further said that the earnings per phishing scammer has vastly reduced in recent years as too many of them are coming into the business.

One other point that Florencio and Herley discuss in the research report is about public estimates of phishing. They say that there is an increased overstatement of the phishing losses. As per their estimates, actual phishing income is around $61 Million in the US, hardly comparable with Gartner's figures of $3.2 Billion during 2007.

According to Finjan's Chief Technical Officer Yuval Ben-Itzhak, the top bosses take away the big money, and phishing doesn't yield as much revenue in the United States as in many other countries, as reported by darkREADING on January 7, 2009. Ben-Itzhak adds that there are likely additional segments in the market that has 'deep pockets' worth being phished.

Another point that Florencio and Herley discuss relates to the number of Internet users being phished every year. According to their calculations, around 0.37% of people are phished every year, with around 50% of them really find their e-mail hijacked. Researchers state the con artists don't always succeed in converting the data they compromise as users set new passwords after learning about their mistakes alternatively banks identify fraudulent activity, as reported by darkREADING on January 7, 2009.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 1/15/2009