Mysterious “Rock Phish” Behind Surge in Phising Attacks

Little is known about Rock Phish, expect that the individual or gang is suspected to be the most prominent phishing operation in the world.  The group (person???) uses sophisticated social engineering schemes to target US and European finacial institutions and is believed to have cost banks more than $100 Million to date. It is estimated that 1/3 to 1/2 of all phising messages are sent by Rock Phish.  

The group is also credited with pioneering the use of Image Spam and  single use domains to get around spam filters and phising blacklists, respectively. The latest trick is to build new phising addresses with seldom used domain extensions (.st, .md etc.) to bypass phishing filters not programmed to look for URLs with these obscure extensions…which is something that has been picked up and used by spammers recently as well.  

As of October 2006, the Anti-Phising Workgroup estimates that there are ~35,000 Phising Websties.  

Leave a Reply