« Defying Logic (and English) | Main | Fraudulent Domain Registrations »

February 14, 2005

I've referred in other posts here that I sense the availability of "ready-to-run" kits for wannabe phishers. Too many batches of messages have too many similarities to be the creative work of a diverse bunch. This means that the crooks at the root of the scams hire underlings to do their mailings and gather the phished data (and thus distance themselves further from any possible law enforcement).

I'm starting to wonder, however, if there are so many little phishers out there that the system is starting to bend under its own weight. In checking my overnight email server log, I found no fewer than nine phishing messages aimed at my address:

• 6 Washington Mutual (wamu)
• 2 PayPal
• 1 Citizens Bank

These are just the ones that weren't summarily rejected at my server because they were addressed to invalid and corrupted user names that circulate widely on "millions CDs" among spammers.

If I were a wamu customer, I would have received so many phishing messages in the last year that it's highly unlikely that one of today's messages would convince me to "click here" to yield my private info. The odds of one of these messages finding a new wamu customer who hasn't seen these messages before must be minuscule. Just as real fisherman can overfish a region and ruin future catches, too many phishers must be overphishing various institutions, causing (I hope) much lower yields.

The reward for tricking a phishing victim, however, can be large. A case in point is a Bank of America victim who had $90,000 lifted from his account (and is suing BofA—but that's another story). At that rate, it doesn't take too many catches to make it a good day at the ol' phishing hole. And that's why they'll keep phishing in the hopes of reeling in the catch with the diamond in its stomach.