Email Security Blog

Face to Face with a Fraudster

Agari August 13, 2014 Cybercrime, Email Security
Fallback Featured Image

By Chris Meidinger

The awesome part of DefCon is the opportunity for attackers and defenders to sit down, drink a beer, and talk shop. And so it happened that I ended up face to face with an email fraudster. He sat down next to me, openly soliciting help, looking for malware to hack his competition and steal their data. It was his first time at DefCon so we had a little talk about the number of Feds running around the conference and the danger of over-sharing. In fact, I thought he was a Fed himself for a while, but at some point we both established our bona fides.

It was a really interesting conversation, as we were both able to discuss and ask about things that we had been curious about. I explained some stuff about malware and social engineering, and he opened up about his business model. His $10,000 a month hosting fees were surprisingly high, but what really surprised me was his answer to one of my questions about the business. I asked him what the greatest limiter to his business was, and he said it was “new data” – essentially email lists. This really surprised me, because I would have imagined that in 2014 practically every email address in existence is already on lists that should be trivial for any spammer or fraudster to obtain. He assured me that no, getting more and fresher data was the most critical aspect of his business.

Apparently, the longer accounts are targeted, the lower the hit rates. That may seem obvious, but it just wasn’t intuitive to me that not every email address in the world has been harvested somewhere, landing in lists that have been readily available since the days of Shadowcrew. Apparently this guy is making a living – and not a bad one, as indicated by the rolex I saw, the personal trainer he said he had – with under 100M email addresses in his list.

You learn something every day.

Leave a Reply

Your email will not be published. All fields are required.

February 14, 2019 Crane Hassold

Scarlet Widow Breaks Hearts and Empties Wallets via Romance Scam Operations

February 7, 2019 Paul Chavez

Why You Should Care About an Advanced Threat Catch Rate

February 5, 2019 Ronnie Tokazowski

BEC Actors Exploiting Gmail “Dot Accounts” for Fun and Profit

February 4, 2019 Armen Najarian

Brand Marketing is the New Demand Generation

January 3, 2019 Paul Chavez

Why Your Company Needs Third-Party Solutions for Microsoft Office 365

mobile image