Gathering evidence of phishing

by Graham Cluley on May 21, 2008 | Leave a comment

Filed Under: Law & order, Spam

Phishers steal money and confidential data from internet users. Image copyright (c) Sophos

Kudos to the police investigators who appear to have cracked a major international phishing operation with the charging of 38 suspected phishers.

Investigations like this aren't easy - there's a lot of evidence that needs to be gathered (involving careful computer forensics that need to be able to stand up in court), surveillance, and working closely with the financial authorities as well as other police forces spread across the globe.  Investigations like this don't come cheap, so it's good to see a high level of effort and resources being put into tracking down suspected criminals.

And it's not just the police who have to put effort into these cases.  The online banking institutions also have their part to play.  Obviously if phishers are apprehended and put out of business then that works in the banks' best interests, but it can sometimes be hard to see the immediate benefit when you're responsible for so many aspects of a financial institution's computer security.

So, here's my plea to online banks who are being targeted by phishers.  Gather evidence that might help the cops in future.  There is real value in recording emails, evidence of phishing websites, screenshots and HTML code, as well as what actions you had to take to defuse the problem.  If you are able to track cases of fraud which correlate with the phishing attack then even better.

The authorities' best chance of a successful prosecution comes when there is concrete evidence that a crime has been committed, and that innocent people and companies have suffered as a result.

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.