The economics of Phishing – working fast food could earn you more

New report details the economics and inflated numbers surrounding Phishing. (IMG:J.Anderson)

Microsoft Research has published a new report that takes an interesting look inside the criminal business of Phishing. Written by Cormac Herley and Dinei Floręncio, the report explains the economics behind the criminal enterprise, and paints a picture that is in stark contrast to what many analysts have reported in the past.

“Conventional wisdom is that Phishing represents easy money,” is how the report starts. The headlines have grabbed the attention of the masses time and time again. The headlines report that criminals -- who are often falsely labelled as hackers by the media -- are making money hand-over-fist thinks to a form of scam called Phishing.

The report from Microsoft notes a few popular stories from the past, such as the “Interview with a Phisher,” which tells the story of a teen who started Phishing because he was bored, and found it to be very easy. The teen went on to report he made upwards of $4,000 USD per day and stole over 20 million identities. His story, like the others seen in the press, back the notion that Phishing scams are easy to pull off and can yield one hell of a tidy profit.

Yet, the report points out that this is simply not the case. Based on some of the math used, the pool of money available as a direct result of Phishing schemes is mostly static. So you can assume that the more people taking part in Phishing scams, the less money there is to spread around.

To put it another way, as Phishing gets easier -- as evident from the readymade Phishing kits available for download or purchase online -- the more people likely to take part in Phishing crimes. The more people who Phish, the less money there is to be made.

The assumption of a static pool only makes sense if you don’t account for other things. The static pool theory doesn’t include teams of people who Phish together and split the profit only between themselves. It doesn’t account for criminals at the upper tiers of Phishing groups who leech from others and take more than their fair share. This could be done by inflation of services to Phishing crews such as hosting, tunnel access for VPN traffic, money laundering and exchanges, flat out extortion, etc.

The research paper does make a good argument that the more people who are aware of Phishing schemes, because such schemes are in the news all the time (community education, or simple word or mouth), the less Phishing victims there are available. This is a classic example of resource depletion.

In the end, crime doesn’t pay. Those pulling off the Phishing schemes are likely to see little to no financial gain compared to an honest worker putting in the same time and effort at a normal job. Those that do benefit are an above-average breed and not the normal Phishing criminal.

That is, unless you read research papers from established firms such as Gartner or Javelin, who report hundreds of millions of dollars lost every year because of Phishing schemes. This is in addition to the bulletins and reports from the FTC, which outline some of the same facts and figures.

In both cases, Microsoft Research said they are noisy at best, suggesting that they are sorely overinflated.

“We find that the data from widely cited victim surveys are noisier and more biased than is generally realized. It is interesting to wonder why the Gartner and FTC estimates are repeated without scrutiny when they appear noisy at best.”

Citing a paper by scholar Peter Reuter, titled, "The (Continued) Vitality of Mythical Numbers," the Microsoft Research report postulates that the often-quoted Phishing figures used by the media and taken at face value by the public is likely because of, “an interest in having the reported numbers be high, but no constituency with an interest in having those numbers be accurate.”

Adding that there is also, “an absence of scrutiny from academic researchers,” which allows this to happen.

“Finally, we would like to emphasize and re-emphasize that, even if the dollar losses are smaller than often believed, we believe that phishing is a major problem. There are many types of crime where the dollars gained by the criminal are small relative to the damage they inflict. This appears to be the case with phishing. If the dollar losses were zero the erosion of trust among web users, and destruction of email as a means of communicating would still be a major problem,” the report concludes.

Phishing is like any other criminal scheme. As the victims get smarter, the criminals will follow suit and create increasingly clever ways to defeat this new since of awareness their victims have created. The progression of Phishing into the threat it is today, started with Social Engineering, culminates in the same crime being merely wrapped in a new package.

Perhaps there will be more skepticism given to the facts and figures that are released in Phishing-related news.

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

Awesome Stuff Made Out Of Car Parts

An awesome picture has started doing the rounds showing a bathroom with sinks made out of car tires and faucets created from gas pumps. It’s the ideal bathroom for any discerning car nut. That got us thinking — what other stuff is there made out of car parts and car paraphernalia. Here are some of the coolest […]

Range Rover Evoque Convertible Confirmed

Land Rover has officially confirmed that the Range Rover Evoque Convertible will go on sale in 2016. The company released some publicity photos showing a prototype of the Evoque Convertible driving through train tunnels under construction in London. The company says use of the Crossrail tunnels let them test the convertible in privacy. A Land […]

Mercedes-AMG GT3 Racing Car to Debut at Geneva Motor Show

The company says the standard Mercedes-AMG GT already provides the ideal base for the race model, with low centre of gravity, good weight distribution and wide track width.The driver sits on a carbon-fibre seat pan and is protected by a roll-over cage made from high-tensile steel.The engine cover, doors, front wing, sidewalls, side skirts, diffuser, […]

Lamborghini Aventador Wallpaper

Lamborghini Aventador wallpaper for your desktop or mobile device. The Aventador LP 700–4  has a 6.5 liter V12 that will go 0–60 mph in  2.9 seconds and take you all the way to 220mph and maybe beyond.Each image links to a page with multiple sizes of wallpaper you can download.

Man Makes Tiny Edible Pancakes with Tiny Kitchen Tools (Video)

This Japanese guy cooks up some pancakes…nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!

What Color is this Dress?

White and Gold or Blue and Black?
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in the photo is probably causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a university in the UK told the BBC that it was impossible to see what other people see but that it […]

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

McLaren 675LT Wallpaper

Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]