Using crypto against Phishing, Spoofing and Spamming...
Enzo Michelangeli
em at em.no-ip.com
Sun Jul 18 06:20:27 EDT 2004
Can someone explain me how the "phishermen" escape identification and
prosecution? Gaining online access to someone's account allows, at most,
to execute wire transfers to other bank accounts: but in these days
anonymous accounts are not exactly easy to get in any country, and anyway
any bank large enough to be part of the SWIFT network would cooperate in
the resolution of obviously criminal cases.
Enzo
----- Original Message -----
From: "Ian Grigg" <iang at systemics.com>
To: "Florian Weimer" <fw at deneb.enyo.de>
Cc: <cryptography at metzdowd.com>
Sent: Sunday, July 18, 2004 1:51 AM
Subject: Re: Using crypto against Phishing, Spoofing and Spamming...
> > At 10:46 AM 7/10/2004, Florian Weimer wrote:
> >
> >> But is it so harmful? How much money is lost in a typical phishing
> >> attack against a large US bank, or PayPal? (I mean direct losses due
> >> to partially rolled back transactions, not indirect losses because of
> >> bad press or customer feeling insecure.)
>
> I estimated phishing losses about a month ago at about
> a GigaBuck.
>
> http://www.financialcryptography.com/mt/archives/000159.html
>
> You'll also see two other numbers in that blog entry,
> being $5 billion and $400 million (the latter taken
> from Lynn's posted articles).
>
> Of course these figures are very delicate, so we need
> to wait a bit to get the real damage with any degree
> of reliability. Scientific skepticism should abound.
>
> Notwithstanding that, I would suggest that the money
> already lost is in excess of the amount paid out to
> Certificate Authorities for secure ecommerce certificates
> (somewhere around $100 million I guess) to date. As
> predicted, the CA-signed certificate missed the mark,
> secure browsing is not secure, and the continued
> resistance against revision of the browser's useless
> padlock display is the barrier to addressing phishing.
>
> iang
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
majordomo at metzdowd.com
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list