The economy of phishing: A survey of the operations of the phishing market
Phishing is the fraudulent acquisition of personal information by tricking an individual into believing the attacker is a trustworthy entity. This paper is the result of a detailed analysis of 3,900,000 phishing e-mails, 220,000 messages collected from 13 key phishing-related chat rooms, 13,000 chat rooms and 48,000 users, which were spidered across six chat networks and 4,400 compromised hosts used in botnets. Phishing e-mails are only a small aspect of the overall phishing economy and until now, the only aspect seen by the most people. The phishing economy is a decentralized and self-organized social network of merchants and consumers governed by laws of supply and demand.
This paper presents the findings from this research as well as an analysis of the phishing infrastructure.