Cybercriminals Create 57,000 Fake Sites Each Week

wiredmikey writes "In a recent investigation, it was discovered that cybercriminals are creating 57,000 new 'fake' websites each week looking to imitate and exploit approximately 375 high-profile brands. eBay and Western Union were the most targeted brands, making up 44 percent of exploited brands discovered. Visa, Amazon, Bank of America and PayPal also heavily targeted by cybercriminals. Banks comprise the majority of fake websites by far with 65 percent of the total. Online stores and auction sites came in at 27 percent, with eBay taking the spot as the No. 1 most targeted brand on the Web today."

Poor security comes from early no security

[magarity]

I always think of the recollections in Levy's "Hackers" when the early days' programmers at Berkeley and MIT would insist security was only for fascists and even balked at passwords for accounts. Computer security will probably never catch up because it was never a focus at the start. What's always among the first things now when making a new software package but how to segment permissions, etc, but that's always on a system whose underlying base has security issues. Sigh, dang hippies!

Re:Battle.net

[cygnwolf]

I think the wow ones that maybe work are the ones that say "Battle.Net account alert" or something to that effect, look kind of official and say things to the effect of 'Your account is under investigation for XYZ Reasons, if you want to contest these reasons, pleas visit your account page to contest this or else your account will be suspended," and then have 'links' to 'account management' login pages that catch your e-mail. 'course, my account had been turned off for years before I got the first one like this, and I keep getting more and more of them. I just forward them all unread to hacks@blizzard.com . Ironically enough, I keep tripping yahoo mail's spam filter when I forward more than two or three a day and then they lock down my ability to send mail

Stupid, or otherwise concerned

[CarpetShark]

The thing with social hacks, and a lot of things that script kiddies/hackers/maladjusted people do is... well, the "hackers" think of themselves as great for accomplishing this great feat of breaking into someone's property or outwitting them. It's like a kid jumping over a picket fence into someone's garden, and making a big deal because they broke through the guy's defenses. What they don't realise is that the guy with the picket fence has better things to do than mess up his front yard building impenetrable defenses, just to protect against the slight chance that you might mess up their grass. The average person just doesn't care about security, the way IT pros do. And in most cases, that's a fairly sane way to prioritise. This is only a problem in two ways:

* banks, e-commerce, and a few other kinds of site with sensitive data have a responsibility to protect confidential information. In this case, the site operators need to step up their game, but they usually know that.

* insignificant servers can be used to launch attacks on sites/systems that matter. But that's more of a problem for it pros, not the insignificant sites.