Gathering evidence of phishing

[Image: Phishers steal money and confidential data from internet users. Image copyright (c) Sophos]

Kudos to the police investigators who appear to have cracked a major international phishing operation with the charging of 38 suspected phishers.

Investigations like this aren’t easy. A lot of evidence needs to be gathered, involving careful computer forensics that can stand up in court, surveillance, and close cooperation with the financial authorities as well as other police forces spread across the globe. They don’t come cheap either, so it’s good to see a high level of effort and resources being put into tracking down suspected criminals.

And it’s not just the police who have to put effort into these cases.  The online banking institutions also have their part to play.  Obviously if phishers are apprehended and put out of business then that works in the banks’ best interests, but it can sometimes be hard to see the immediate benefit when you’re responsible for so many aspects of a financial institution’s computer security.

So, here’s my plea to online banks who are being targeted by phishers.  Gather evidence that might help the cops in future.  There is real value in recording emails, evidence of phishing websites, screenshots and HTML code, as well as what actions you had to take to defuse the problem.  If you are able to track cases of fraud which correlate with the phishing attack then even better.
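One way a bank's security team could keep such a record, shown as an added example that is not part of the original post: it hashes the untouched email and the saved page HTML, pulls out the relay headers and links, logs the actions taken, and seals the whole record with a digest so later edits are detectable. The function names, case ID, sample email and HTML are all constructed for illustration.

```python
import hashlib
import json
import re
from datetime import datetime, timezone
from email import message_from_bytes

# Constructed sample of a reported phishing email (not a real message).
SAMPLE_EMAIL = (
    b"Received: from mail.example.net (mail.example.net [192.0.2.10])\r\n"
    b"\tby mx.bank.example; Mon, 01 Jan 2024 10:00:00 +0000\r\n"
    b"From: \"Example Bank\" <security@bank-example.invalid>\r\n"
    b"Subject: Verify your account\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"Please log in at http://login.bank-example.invalid/verify to continue.\r\n"
)
# Constructed sample of the HTML saved from the phishing page.
SAMPLE_HTML = b"<html><form action='/collect'><input name='pin'></form></html>"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_record(case_id, raw_email, page_html, actions, collected_at=None):
    """Return a JSON-serialisable evidence record for one phishing case."""
    msg = message_from_bytes(raw_email)
    body = msg.get_payload(decode=True) or b""  # None for multipart messages
    urls = sorted(set(re.findall(rb"https?://[^\s\"'<>]+", body)))
    return {
        "case_id": case_id,  # hypothetical internal identifier
        "collected_at_utc": (collected_at or datetime.now(timezone.utc)).isoformat(),
        "email": {
            "sha256": sha256(raw_email),  # hash of the original bytes as received
            "from": msg.get("From"),
            "subject": msg.get("Subject"),
            "received_chain": msg.get_all("Received", []),  # relay path headers
            "urls": [u.decode("ascii", "replace") for u in urls],
        },
        "page_html": {"sha256": sha256(page_html), "size_bytes": len(page_html)},
        "actions_taken": actions,  # what was done to defuse the problem
    }

def seal(record):
    """Hash the canonical JSON so later changes to the record are detectable."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return sha256(canonical)

if __name__ == "__main__":
    rec = build_record("CASE-0001", SAMPLE_EMAIL, SAMPLE_HTML, ["Takedown request sent"])
    print(json.dumps({"record": rec, "record_sha256": seal(rec)}, indent=2))
```

Store the original email and HTML files alongside the record; the hashes only prove integrity if the untouched originals are kept.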

The authorities’ best chance of a successful prosecution comes when there is concrete evidence that a crime has been committed, and that innocent people and companies have suffered as a result.