Email Security Blog

Face to Face with a Fraudster

Agari August 13, 2014 Cybercrime, Email Security

By Chris Meidinger

The awesome part of DefCon is the opportunity for attackers and defenders to sit down, drink a beer, and talk shop. And so it happened that I ended up face to face with an email fraudster. He sat down next to me, openly soliciting help, looking for malware to hack his competition and steal their data. It was his first time at DefCon so we had a little talk about the number of Feds running around the conference and the danger of over-sharing. In fact, I thought he was a Fed himself for a while, but at some point we both established our bona fides.

It was a really interesting conversation, as we were both able to discuss and ask about things that we had been curious about. I explained some stuff about malware and social engineering, and he opened up about his business model. His $10,000 a month hosting fees were surprisingly high, but what really surprised me was his answer to one of my questions about the business. I asked him what the greatest limiter to his business was, and he said it was “new data” – essentially email lists. This really surprised me, because I would have imagined that in 2014 practically every email address in existence is already on lists that should be trivial for any spammer or fraudster to obtain. He assured me that no, getting more and fresher data was the most critical aspect of his business.

Apparently, the longer accounts are targeted, the lower the hit rates. That may seem obvious, but it just wasn’t intuitive to me that not every email address in the world has been harvested somewhere, landing in lists that have been readily available since the days of Shadowcrew. Apparently this guy is making a living – and not a bad one, as indicated by the Rolex I saw and the personal trainer he said he had – with under 100M email addresses in his list.

You learn something every day.
