Domainmonster.com Industry News

11-May-2007

Phishing Domain Scammer

A phisher who claims to make $3,000 to $4,000 a day was recently interviewed and shared a bit about how he operates. The phisher said he typically tries to locate domain names that look realistic, and then finds an anonymous host, usually offshore.

The scammer, who claims to be 18 and to have been phishing since the age of 14, said he has stolen over 20 million identities, mostly through social networking. "I have so many hundreds of thousands of accounts to many websites I haven’t even got a chance to look through."

The hacker got interested in phishing after realising that the fake emails his parents were receiving were weak, yet they still basically worked. "So, I knew automatically I could come up with more efficient methods and have a far greater outcome."

He usually only phishes around three or four times a week, and targets social networking sites, mainly those frequently visited by a young crowd. "5 times out of 10 the person uses the same password for their email account. Now depending what is inside their email inbox determines how much more profit I make. If an email account has one of the following paypal/egold/rapidshare/ebay accounts even the email account itself, I sell those to scammers. Although, I do tend to use compromised hosting accounts. Secondly, I view the page source. Then I alter the source code to post the forms information to my pishing [sic] site. Thirdly, I create a php file which will POST the current forms information to a text file on my server. I use the same php file with every site...Just minor alterations are needed since it’s mearly [sic] a few lines of php code." Depending on the size of the website, he usually phishes around 30,000 people a day.

HD Moore, director of security research for BreakingPoint Systems, says that while the hacker does match the typical profile of phishers, the numbers seem a little high. "Running a phishing site attracts attention -- it has to, or it won't work. Bragging about how much money you make is a sure sign you are going to get busted in the near future. If any of them get audited on where their money comes from, you can bet they would turn over this guy in a heartbeat," Moore explains.

The hacker uses a dedicated server, VPN, network encryption software, and a 1-Mbit/s ADSL line. Tool-wise, the phisher uses MyChanger for most social networking sites: "This makes pishing [sic] so much faster on social networking sites. Everything is automated! messaging/bulletins/comments/profile modifications it's great. Other than that, I get ALOT [sic] of custom programs built to suite [sic] my needs from freelance developers. I use VPN's, Dedicated servers, Proxies and my network traffic is encrypted. All payments are made through egold." According to the phisher, Internet Explorer 7 and Firefox 2.0's anti-phishing filters "cause the most irritation" of the phishing deterrents available today.

Jeremiah Grossman, founder and CTO of WhiteHat Security, says, "Microsoft and Mozilla spend years figuring out a workable solution, then a short time later, it's all for naught. Bad guys can adapt a lot faster than the good guys, which is why our job is so much harder." The hacker declared, "Lazy web developers are the reason I'm still around phishing."