Email Security Blog

Face to Face with a Fraudster

Agari August 13, 2014 Cybercrime, Email Security
Fallback Featured Image

By Chris Meidinger

The awesome part of DefCon is the opportunity for attackers and defenders to sit down, drink a beer, and talk shop. And so it happened that I ended up face to face with an email fraudster. He sat down next to me, openly soliciting help, looking for malware to hack his competition and steal their data. It was his first time at DefCon so we had a little talk about the number of Feds running around the conference and the danger of over-sharing. In fact, I thought he was a Fed himself for a while, but at some point we both established our bona fides.

It was a really interesting conversation, as we were both able to discuss and ask about things that we had been curious about. I explained some stuff about malware and social engineering, and he opened up about his business model. His $10,000 a month hosting fees were surprisingly high, but what really surprised me was his answer to one of my questions about the business. I asked him what the greatest limiter to his business was, and he said it was “new data” – essentially email lists. This really surprised me, because I would have imagined that in 2014 practically every email address in existence is already on lists that should be trivial for any spammer or fraudster to obtain. He assured me that no, getting more and fresher data was the most critical aspect of his business.

Apparently, the longer accounts are targeted, the lower the hit rates. That may seem obvious, but it just wasn’t intuitive to me that not every email address in the world has been harvested somewhere, landing in lists that have been readily available since the days of Shadowcrew. Apparently this guy is making a living – and not a bad one, as indicated by the rolex I saw, the personal trainer he said he had – with under 100M email addresses in his list.

You learn something every day.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

July 16, 2019 Seth Knox

Microsoft Office 365 + Agari Secure Email Cloud: All You Need in a Cloud-First World

You’ve heard the statistics… more than 70% of all business users will be provisioned with…

Agari Blog Image

July 11, 2019 Armen Najarian

Restoring Trust to Digital Communications: How Smart Communities Model the Good

Legacy email security systems are failing, as more enterprises migrate their emails to the cloud…

Agari Blog Image

July 10, 2019 Ronnie Tokazowski

‘Til Death Do Us Part… Romance Scams and the BEC Game

When we think of business email compromise (BEC), the first thing that comes to mind…

Agari Blog Image

June 27, 2019 Siobhan McNamara

The 4 Fundamentals of AI-Based Email Security

Predictive, AI-based email security is proving to be remarkably effective at protecting against today's most…

Agari Blog Image

June 20, 2019 Michael Cichon

Email Security: Using ML to Prevent Advanced Attacks

The statistics are astounding. Email remains the number one threat vector for data breaches, the…

mobile image