I’ve tried to explain how this works to a few reporters, but there are certain classes of phishers out there that seem to band together. Geographic dispersion is loose, as you might guess, but they are basically split into three groups of people: the Romanians/Eastern Europeans, the Chinese/Asians, and the Nigerians/North West Africans. Each has its own ways of attacking applications and phishing.
Romanians/Eastern Europeans: They tend to be the most skilled of the bunch. They think about scalability and they run their activities like a business. They use modern exploits, and tend to come up with most of the cutting-edge scams. They tend to be on the bleeding edge of new issues, and tend to tie in things like malware, pharming, and server exploits. They tend to be the ones creating the phishing kits. Like the others, they have strong ties to organized crime, and have actually resorted to kidnapping and (presumed) killing of at least one government official. Due to their technical nature they are highly scalable, even though they are probably fewer in number. They require the most hardware, and are assumed to have ties with lots of botnets.
Chinese/Asians: They tend to be copycats. They watch what the other groups do and mimic the same tactics, only months or years later. What they lack in innovation of exploits they make up for in volume and brute-force attacks. They are relative newcomers to the world of phishing in comparison, but they are growing rapidly.
Nigerians/North West Africans: They tend to have the lowest sophistication of the three groups, and primarily focus on ways of coming up with new variants of 419 scams. They tend to use people instead of automation and focus only on high-dollar scams. They are the most likely to make contact with the victim and will actually resort to strong-arm tactics if they find out where you live. Would you want this Nigerian debt collector after you?
All three groups have technical requirements, and all three groups span national boundaries. The lax laws around cybercrime and the difficulty in getting machines and operations shut down in these various countries make it particularly easy for them to operate at the moment.
Thursday, May 17, 2007