
Cybercriminals Create 57,000 Fake Sites Each Week

Posted by CmdrTaco
from the because-they-can dept.
wiredmikey writes "In a recent investigation, it was discovered that cybercriminals are creating 57,000 new 'fake' websites each week looking to imitate and exploit approximately 375 high-profile brands. eBay and Western Union were the most targeted brands, making up 44 percent of exploited brands discovered. Visa, Amazon, Bank of America and PayPal also heavily targeted by cybercriminals. Banks comprise the majority of fake websites by far with 65 percent of the total. Online stores and auction sites came in at 27 percent, with eBay taking the spot as the No. 1 most targeted brand on the Web today."
  • Sure... (Score:2, Funny)

    by mathmatt (851301)
    Yeah but most of them just link to http://www.youtube.com/watch?v=oHg5SJYRHA0 [youtube.com]
    • Is there a way someone could flood these websites with fake credit card numbers that when the scammers try to buy something with it, they get rickrolled? Like Mr. Douchebag scammer takes his girlfriend out for a nice steak dinner using a credit card he, er, downloaded or something from us, and then he goes to pay for it and the waiter swipes the card, and then the fancy music playing in the background screeches to a stop, and "Never gonna give you up" starts playing, and everyone laughs at him, and his gir

      • It's a piece of ...uh... Steak to do this. The scanner has to have an "invalid #" error code. Then the employee just presses three buttons on the sound system.

        As usual, this won't happen for a few years for "social" reasons - until some really snarky hip young-person's bistro in NYC does it.

      • There used to be a site, I think it was called phishfigthers, which would do just this. It was just some guys who got pissed off at scammers and set it up: they didn't charge anything. You could go to the site, submit the faked url, and their scripts would test it, and see if it took fake logins/credit cards/social security numbers/etc (fake sites back then typically would just take any crap you typed in, if it fit the regexp, and assumed you typed it in right). If so, they would flood it for a while

  • 57,000 sounds like a lot of sites, but when they more than likely all use a few of the same templates it isn't that difficult to accomplish.
    • Well, it's not just one person and one organization, it's multiple people all across the world so I don't see why the number would be surprising.
  • I don't use any of the listed services*, I'm not being targeted!

    * - Before you ask, yes, except for the IRS. But there's not much I can really do about that one.

    • Addendum: Actually I was thinking of taxes when I saw "IRS". I've never actually dealt with them apart from filling out my tax forms and having my tax automatically deducted from my pay. Just to clarify *cough*.
    • The way the IRS one works is that you get a spam email with an attachment. You click on the attachment which brings you to a site that looks just like the IRS'. It then asks for bank accounts, credit cards, debit cards, SSN, DOB, addresses, names, etc... everything needed to rob you blind.

      The IRS pretty much doesn't give a shit - they're pretty blasé about it when contacted.

      Like everything with the internet:

      ALL spam emails are scams. That's what I tell people when they ask about this shit.

      • The way the IRS one works is that you get a spam email with an attachment. You click on the attachment which brings you to a site that looks just like the IRS'. It then asks for bank accounts, credit cards, debit cards, SSN, DOB, addresses, names, etc... everything needed to rob you blind.

        The IRS pretty much doesn't give a shit - they're pretty blasé about it when contacted.

        Just remind them that they won't be able to take the money if the other guy already took it.

    • I've seen some pretty obscure phish attempts - including some service providers I use that I would have never thought were "big" enough to be worth targeting.
  • It is interesting that 57,000 sites can be created per week at a cost which still allows for a profit. I know that some of these sites are created using phishing kits, but does every one of these 57,000 sites represent an individual effort? TFA doesn't give any details of how such high numbers of fake sites are created, but I would expect that a large number of them are programmatic variations of the same site, hosted on different machines/networks. How many people are actually employed by the phishing con
    • Re: (Score:2, Insightful)

      by DriedClexler (814907)

      Oh, I am completely sure that this isn't profitable, because registrars and ICANN would crack down on it immediately, and credit card companies would quickly reverse fraudulent purchases made on these websites, and then pass on the fraudsters' information to law enforcement, allowing them to swiftly shut down these operations.

      *jerk-off gesture*

      • by Anonymous Coward

        Unfortunately, U.S. law enforcement does not currently have the jurisdiction to take down an operation based out of, say, eastern Europe.

        My credit card company's been pretty quick about those chargebacks, though; maybe you should find a better one?

      • Oh, I am completely sure that this isn't profitable, because registrars and ICANN would crack down on it immediately...

        If there was a $10 cash in advance initial fee for a domain and a five-day wait before activation...

        ...and credit card companies would quickly reverse fraudulent purchases made on these websites...

        They will, but how many people ask? Even if 90% of charges fail to stick many of these scams could be profitable. How many people bother to ask that the charge be canceled when it's only $9.0

        • by Nadaka (224565)

          $14.74 but yes, I did.

          I got it with 4 such charges from two different companies right before the $14.74 credit card scam ring in Spain got nabbed.

          I reversed all 4, two from one company stayed reversed but the other two required me to contest, I have no idea how it will turn out.

          I don't know exactly where they got my cc number, possibly from a gas station, fast food place or an online training/certification site I spent money on for my now ex-fiance's funeral service study books/national boards exam.

          • by cdrguru (88047)

            Every time you use a credit card you should assume that someone in the back room is writing it down. Why? Because it is worth as much as $0.50. So if you are a waiter in a restaurant and can grab 100 credit card numbers a week that is like $50 in your pocket.

            If you get caught, well, it wasn't that great a job anyway now was it?

            One of my cards gets "borrowed" in this way every year. Sometimes the cards are used for purchases in the US, sometimes not. Sometimes they are for easily cancelled items online,

      • by Bigbutt (65939)

        Well, they're not really putting the site on a new domain but on some guy's Windows box that's now part of some botnet.

        The botnet masters are warring to put up sites and take down sites on other botnet managed systems so that's why there are 57,000 per week.

        Since they're linking to images from the real sites, they only need a bit of text also hijacked from the site. The answer is saved in a bit of data which the botnet masters retrieve at their leisure.

        I imagine there's some guy in China with a 30" monitor wa

  • Battle.net (Score:5, Informative)

    by ildon (413912) on Thursday September 09, 2010 @10:43AM (#33522754)

    I'm honestly surprised that battle.net or World of Warcraft didn't make the top 10. Anyone who's been targeted by their phishing mails is probably familiar with domain names like "battle-auth-blizzard.com"

    • More often, WoW players are targeted in game, via in game mail, trade chat spam, whisper spam/phishing attempts, and lately on my server, the spammers have actually been running 25+ identically dressed characters into SW and arranging them into URLs and/or gold site names. I don't think I've ever received an actual email that was a WoW related phishing attempt. What amuses me is how broken the English usually is in these attempts, as if people wouldn't clue in that "Blizz SLECT U FROM ALL GAME PLAYS. U WIN

      • by Nidi62 (1525137)
        Ironically, in my server, the gold farmers advertising in trade chat generally have better spelling and grammar than the majority of players talking in trade chat.
      • by Wiarumas (919682)
        Yeah, I've seen the dead bodies in Orgrimmar as well. However, last night, they somehow made the dead bodies levitate vertically in the air like a 3D graphic. It was pretty wild - no idea how they did it. Annoying, but innovative.
        • The client reports to the server the positioning of the character... fairly easy to hack if you know what you're doing. Seen the "underground hackers" yet, or are you on a low pop server?
          • The client reports to the server the positioning of the character... fairly easy to hack if you know what you're doing. Seen the "underground hackers" yet, or are you on a low pop server?

            It's doing wonderful things in PvP like Arenas as well. Lots of PvP folks using hacked clients to move faster, or warp around to get out of line of sight. Fun times.

            This nonsense has been going on for over a year now - Blizzard has done nothing.
      • by ildon (413912)

        I know people who have never even played WoW or have mail accounts that were never associated with WoW who sometimes get onto these phishing mailing lists. You're lucky if your mail accounts are still safe from this spam (or perhaps your ISP or spam filters are just better than mine).

        In my experience, the in-game scamming has been greatly reduced to the point where I almost never receive tells. Yet I have one email account that sometimes receives multiple phishing mails per day, including ones for Aion (whi

      • by TheLink (130905)
        Maybe they only want the really stupid victims? There are benefits from that approach you know, as long as there are enough candidates in that category.

        So far there appear to be no shortage of stupid and ignorant people.
      • Re:Battle.net (Score:4, Interesting)

        by cygnwolf (601176) on Thursday September 09, 2010 @11:53AM (#33523900)
        I think the WoW ones that maybe work are the ones that say "Battle.Net account alert" or something to that effect, look kind of official and say things to the effect of 'Your account is under investigation for XYZ Reasons, if you want to contest these reasons, please visit your account page to contest this or else your account will be suspended,' and then have 'links' to 'account management' login pages that catch your e-mail. 'course, my account had been turned off for years before I got the first one like this, and I keep getting more and more of them. I just forward them all unread to hacks@blizzard.com . Ironically enough, I keep tripping Yahoo Mail's spam filter when I forward more than two or three a day and then they lock down my ability to send mail
        • by Jurily (900488)

          I just forward them all unread to hacks@blizzard.com .

          If you can't be bothered to read your own mail, why would they? Chances are, they know about the problem anyway.

          • Because Blizzard asks their playerbase to forward these e-mails for verification, and to help them locate the bogus sites and get them shut down. I'm getting these myself (although my B.net account is now on a different e-mail address), and they all have different bogus websites. While they know there's a problem, they still need to know where the new problems are.

          • by cygnwolf (601176)
            It's not that I can't be bothered, it's that I already know what it is without opening it and opening it would only be an unnecessary risk. I also know that they expressly say on their website to forward suspected phishing messages to that address so that they can do something about it.
          • by flowwolf (1824892)
            Okay, say you're fighting a war, and you constantly have no people telling you about the same problem.. the enemy. These reports are all slightly different yet amount to the same problem: The enemy is killing your dudes. Do you tell these people to stop bringing you all these reports of dudes getting killed? That would be bad strategy in my opinion. Blizzard requires its player base to be their eyes and ears when it comes to these kind of scams. They wouldn't have much to go on without that email acco
    • by antdude (79039)

      Not just Blizzard, also NCsoft. I got one yesterday morning with http://www.aion-account-ncsoft.com/ [aion-account-ncsoft.com] (already submitted and seems to be down now) for Guild Wars 2 beta. http://www.urlvoid.com/ [urlvoid.com] only showed two of them when it checked yesterday morning, and still is two today. These sites come fast and go fast. :(

  • How many other potential sources of news /. submitters are missing.
  • Assuming a "site" == new domain, that would give us roughly 6%* of the registered domains per week are used for phishing...

    Curious what the percentage is for porn sites

    * using these statistics. [domaintools.com]

  • by kheldan (1460303) on Thursday September 09, 2010 @10:58AM (#33523012) Journal
    I know that DNS vulnerabilities are being addressed finally. Wouldn't a good next step be to eliminate domain registrars that allow these sorts of sites to get created in the first place?
    • by binkzz (779594)
      But how would the domain registrar know what a domain will be used for?
      • by Aoet_325 (1396661)

        Anytime someone registers something like www.paypal-loginweb.com it should be setting off red flags everywhere.
        I'm not saying these domains should be shut down automatically or anything, but they should be flagged for review every few weeks and it might not be a bad idea to ask a few questions either.

        The fact is that many registrars have worked so hard to lower costs that they cut out the basic checks that would have caught these kinds of domains.

        Sure it would never stop someone from setting up a phishing si
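The kind of registration-time review flag the comment above asks for, as an added example that is not part of the original post and not any registrar's actual process. The brand watch list, bait words and function names are assumptions made for illustration; the sample host names are the ones quoted in this thread plus a few constructed ones.

```python
import re

# Assumed watch list: brand token -> registrable domains the brand really owns.
BRANDS = {
    "paypal": {"paypal.com"},
    "blizzard": {"blizzard.com"},
    "ncsoft": {"ncsoft.com"},
    "ebay": {"ebay.com"},
}
# Assumed credential-bait words of the kind seen in the domains quoted here.
BAIT = {"login", "auth", "account", "secure", "verify"}
# Undo common digit-for-letter swaps before matching (0->o, 1->l, 3->e, 5->s).
DEGLYPH = str.maketrans("0135", "oles")


def registrable(host):
    """Last two labels of the host (naive: ignores suffixes such as co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review_flags(host):
    """Return a sorted list of reasons to queue this host for human review."""
    host = host.lower().rstrip(".")
    if any(registrable(host) in owned for owned in BRANDS.values()):
        return []  # the brand's own domain or one of its subdomains
    # Tokens from every label except the TLD, split on dots and hyphens.
    tokens = [t for t in re.split(r"[.\-]", host.rsplit(".", 1)[0]) if t]
    reasons = set()
    for brand in BRANDS:
        for tok in tokens:
            plain = tok.translate(DEGLYPH)
            if brand in tok:
                reasons.add(f"contains brand '{brand}'")
            elif brand in plain:
                reasons.add(f"digit-swapped look-alike of '{brand}'")
            elif len(tok) >= 5 and edit_distance(tok, brand) == 1:
                reasons.add(f"one edit away from '{brand}'")
    if reasons and any(b in t for t in tokens for b in BAIT):
        reasons.add("brand paired with credential bait word")
    return sorted(reasons)


if __name__ == "__main__":
    # First three hosts are quoted in this thread; the rest are constructed.
    for h in ["www.paypal-loginweb.com", "battle-auth-blizzard.com",
              "www.aion-account-ncsoft.com", "paypa1-secure.net",
              "paypal.com.evil.example", "www.paypal.com", "example.org"]:
        print(h, "->", review_flags(h) or "no flag")
```

A flag here only queues the name for a human look, matching the comment's point that such domains should be reviewed rather than shut down automatically.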

    • sure... (Score:5, Insightful)

      by damn_registrars (1103043) <damn.registrars@gmail.com> on Thursday September 09, 2010 @11:48AM (#33523814) Homepage Journal

      Wouldn't a good next step be to eliminate domain registrars that allow these sorts of sites to get created in the first place?

      I agree whole-heartedly that something should be done about the crooked and complacent registrars. The problem is, who should take the action? The most logical step is ICANN, since they handle registrar accreditation, except they have shown repeatedly that they will not take any meaningful steps. And of course, ICANN only does accreditation for registrars of the largest TLDs (for now), so anything from another country's list of TLDs is beyond their jurisdiction (and soon pretty much everything will be beyond their jurisdiction).

      So if ICANN won't do it, who then should? It is pretty well impossible to take legal action against the registrars and expect anything meaningful to come of that, so unless you want to advocate vigilante justice you're just SOL.

    • 1. Currently most DNS records have Time to Live of a few days to a week. I would expect that servers of secure sites would want much longer times than this. Clients then know that certain servers are to be connected at specific addresses, and bring up an alarm when the last IP of record for server.foobank.com has changed.

      2. I'm always suspicious when any web site makes reference to a server outside of its own domain. Is this not also a place that responsible secure servers could take a step? Couple t

  • Snakes (Score:5, Funny)

    by CarpetShark (865376) on Thursday September 09, 2010 @11:13AM (#33523244)

    Slow down everyone. No one would argue that ASP.net sites aren't bad, but calling them criminal is a bit much.

  • so sick of seeing (Score:3, Insightful)

    by nimbius (983462) on Thursday September 09, 2010 @11:18AM (#33523332) Homepage
    "articles" of this nature. When a company hawking a security product releases earth-shattering statistics for hackers and malware it is not research, or an investigation with any independent credibility. This is marketing fearmongering designed to get people to buy the product.
    • This is marketing fearmongering designed to get people to buy the product.

      Interesting. How much would I have to pay for one of these "marketing fearmongerings"?

      • by omni123 (1622083)

        The same amount you would have to pay for a piece of software from one of these security firms that can solve the fraudulent domain registration problem.

  • The registrars could do their part to shut down the bogus websites faster - by invalidating the WHOIS records - but they don't. Of course, we all know why they don't; it's because they make money by choosing to not do that. Of course if you read into the existing WHOIS records for the bogus websites you'll find that quite a few of them already have bogus WHOIS data; often the only part that means anything is the DNS referral, which shows quickly whose side the registrars are on.

    If our good friends at IC
    • Re: (Score:3, Insightful)

      by Phrogman (80473)

      Which is why some Government agency and not ICANN should be administering the domain names, or at the least some governing body with members posted from each of the major nations on the net or something.

      • Re: (Score:1, Flamebait)

        Which is why some Government agency and not ICANN should be administering the domain names, or at the least some governing body with members posted from each of the major nations on the net or something.

        That wouldn't be nearly profitable enough for anyone's palate. And getting an agreement on domain name registration terms between the larger nations on the net would be a cat-herding exercise at best, to say nothing of the massive unpopularity in the US regarding any actions that resemble uniting nations.

      • Re: (Score:3, Insightful)

        by John Hasler (414242)

        Because there is no chance at all that government would misuse control of DNS...

  • As long as stupid or ignorant people exist, social hacks will work.
    • by CarpetShark (865376) on Thursday September 09, 2010 @11:53AM (#33523908)

      The thing with social hacks, and a lot of things that script kiddies/hackers/maladjusted people do is... well, the "hackers" think of themselves as great for accomplishing this great feat of breaking into someone's property or outwitting them. It's like a kid jumping over a picket fence into someone's garden, and making a big deal because they broke through the guy's defenses. What they don't realise is that the guy with the picket fence has better things to do than mess up his front yard building impenetrable defenses, just to protect against the slight chance that you might mess up their grass. The average person just doesn't care about security, the way IT pros do. And in most cases, that's a fairly sane way to prioritise. This is only a problem in two ways:

      * banks, e-commerce, and a few other kinds of site with sensitive data have a responsibility to protect confidential information. In this case, the site operators need to step up their game, but they usually know that.

      * insignificant servers can be used to launch attacks on sites/systems that matter. But that's more of a problem for IT pros, not the insignificant sites.

      • The average person cares after they've had their bank account emptied 3 times despite their best efforts to fix it.

    • or lazy.

      don't forget lazy

  • by magarity (164372) on Thursday September 09, 2010 @11:50AM (#33523848)

    I always think of the recollections in Levy's "Hackers" when the early days' programmers at Berkeley and MIT would insist security was only for fascists and even balked at passwords for accounts. Computer security will probably never catch up because it was never a focus at the start. What's always among the first things now when making a new software package but how to segment permissions, etc, but that's always on a system whose underlying base has security issues. Sigh, dang hippies!

  • >with eBay taking the spot as the No. 1 most targeted brand on the Web today
    That's why I will never use eBay again, as I have kijiji right now...

  • Grammar, please (Score:1, Insightful)

    by Anonymous Coward
    "Visa, Amazon, Bank of America and PayPal also heavily targeted by cybercriminals." Please, please, for the love of god, grammar check your submissions. I am a proud grammar nazi because it really hurts my brain when I have to read a summary that contains a sentence that is missing a verb. How does this even get posted like this? Something is wrong here.
  • Home Boyz and Fly Girlz, homo domesticus tis clearing out your ya Bank accounts... I have 100 trillion billion dollars printed freely by the IMF and if you help me me plz, you too can buy arms, become rich and siphen off international aid funds, corrupt governments. drink oil, eat diamonds. Well you get the idea "Fools Gold".
