I am researching on how criminals conduct Cyber criminal Operations and have highlighted a proposal below to get profit on which I need feedback
Proposed Operation Summary: Hire a botnet to send authentic emails to perform multipurpose phishing. Once you get the credentials for a wide variety of services use them to sell them on the black market, conduct financial fraud, serve ads, command Ransomware or conduct paid targeting denial of service attacks as suited.
I have a few questions regarding this proposal: 1) Is this plan practical in terms of conducting a successfully profitable cyber criminal operation? 2) How do criminals hire botnet services and affiliate programs? How do they compare and contrast and choose the best? Is there a market for it? Can everyone access? 3)What do users fall for in a phishing scheme, I am thinking some Single Sign On service that would offer them a way to login using multiple credentials? 4) If criminals planned to use stolen credential for a variety of ways how would they make sure the money gets to them always and still ensure they can avoid authorities?