So you want to be a cybercrook...

Some Web sites are now offering surfers the chance to download free "phishing kits" containing all the graphics, Web code and text required to construct the kind of bogus Web sites used in Internet phishing scams.

According to security firm Sophos, the kits allow users to design sites that have the same look and feel as legitimate online banking sites that can then be used to defraud unsuspecting users by getting them to reveal the details of their financial accounts.

"By putting the necessary tools in the hands of amateurs, it's likely that the number of attacks will continue to rise," said Graham Cluley, senior technology consultant at Sophos.

Sophos warned that many of the kits also contain spamming software that enables potential fraudsters to send out thousands of phishing e-mails with direct links to their do-it-yourself fraud sites.

"The emergence of these 'build your own phish' kits means that anyone can now mimic bona fide banking Web sites and convince customers to disclose sensitive information such as passwords," Cluley said.

Many online banking Web sites now carry messages urging users not to open any e-mail that they suspect may be fraudulent and to telephone their bank for further information if they do receive suspicious e-mail.

Phishing has become such a problem that there are now several online antiphishing guides to educate users about the con artists' common tricks.

James Sherwood of ZDNet UK reported from London.

[KittyMartyr]

Phony emails from "banks"

I got one of those phishing emails a couple weeks ago. It was supposedly from Wells Fargo, where I have never had an account. It was very official-looking, and said that my "account" had been frozen because it seemed to have suspicious money-laundering-type activity going on in it. It was scarey! I immediately wrote to Wells Fargo and discovered they have a whole department dedicated to tracking this type of fraud. This ain't no joke.

[Gabey8]

These people need to do SERIOUS jail time

The only way to stop this kind of crime is to make it punishable by LARGE fines and LONG jail terms.

ALL countries need to crack down on it, since perpetrators can victimize people in any country with internet service, not just the country where they are located.

Never click on a link that's in the suspicious e-mail itself. Call the customer service department for the bank (or whatever company supposedly sent the e-mail). Or open a new browser and visit the company web site from THERE, not from the link in the e-mail.

[Fray9]

Fighting back

I usually welcome a phishing email from an unsuspecting crook.

It gives me the opportunity to seriously foul up their whole operation.

You see when they send me one I usually follow the link they give, snicker at the poorly done website and clear signs its a phishing site, then proceed to unleash a random alphanumeric generator with a dictionary list and proper names list on it till its entered a few dozen thousand bogus usernames and passwords.

The phishers now have the always fun task of trying to figure out which ones are real from people they've really swindled and which are fake.

Typically its easier for them to just toss out entire lists and start from scratch, costing them time, money, and serious frustration.