
Anti-Phishing Tools

CmdrTaco posted more than 9 years ago | from the escalating-the-arms-race dept.

Security 233

mikeage writes "PCWorld has an article about an anti-phishing tool available that tries to detect fake websites." This is about Web Caller-ID already in use by eBay's custom user toolbar. The article also talks a bit about the incredible increase in phishing scams.


233 comments

Huh (5, Insightful)

Lord Grey (463613) | more than 9 years ago | (#9991674)

Unless I missed something, neither the article nor the summary provides a link to the product. Here is what I found: Web Caller-ID [wholesecurity.com]. That link contains this paragraph:
Web Caller-ID's detection engine includes hundreds of routines that examine the elements of a web site, ranging from the site's content and links to its page history, and then determine if they are indicative of a spoof. For example, the URL of a particular site might be analyzed for phishing characteristics, such as the inclusion of an IP address at the beginning of the URL, or the source code might be analyzed for calls to a different web site. In production environments, Web Caller-ID consistently detects more than 98% of previously unknown spoof sites using behavioral technology.
This product sounds interesting at first blush, but don't most phishing scams begin with an email? Web sites that support phishing aren't going to have as many of these characteristics as the email that lured the victims there to begin with. I have to wonder just how well this really works, despite the "consistently detects more than 98% of previously unknown spoof sites" quote.

Email Phishing (5, Insightful)

TheOtherAgentM (700696) | more than 9 years ago | (#9991757)

From what you and I probably see, yes. Phishing begins with an email, because we probably don't browse shady sites regularly. I don't know what the average user sees in their regular browsing. I can't even figure out where people get all the spyware from in the first place. As far as phishing emails, I know I get one email regularly that looks like a CitiBank email, but it is a .jpg file embedded. The URL has citi in it, but if you look closer, it's obviously not the right site. I'd report it, but Citibank's online reporting sucks.

Re:Email Phishing (2, Funny)

Theatetus (521747) | more than 9 years ago | (#9991895)

I got it too, though thunderbird marked it as spam and my anti-phishing tool in firefox told me "you are at 31337.h4x0rz.cn" or wherever. I'm not sure what good it would do to report it to citi since there's nothing they can do about it except maybe send out emails to everyone in the world telling them not to believe emails claiming to be from them.

Re:Email Phishing (5, Funny)

james_marsh (147079) | more than 9 years ago | (#9991930)

I'm not sure what good it would do to report it to citi since there's nothing they can do about it except maybe send out emails to everyone in the world telling them not to believe emails claiming to be from them.
There's just a slight flaw in that logic...

Re:Email Phishing (3, Insightful)

Anonymous Coward | more than 9 years ago | (#9992161)

> There's just a slight flaw in that logic...

No there isn't.

You receive an email supposedly from Citibank, telling you not to trust emails from Citibank.

If it's a fake email, it means you can't trust emails claiming to be from Citibank anymore, because someone's faking them.

If it's legit, it's telling you not to trust emails from Citibank, so you'd better not.

So, for this particular message, it doesn't matter whether it's fake or for real - you still know not to trust any more emails.

So how do the real Citibank communicate with you? By waiting till you next log into your internet banking account (for minor stuff), or sending you a physical letter, or phoning you (for important stuff - which shouldn't be going by email anyway).

Re:Email Phishing (4, Informative)

realdpk (116490) | more than 9 years ago | (#9992143)

Actually, as someone who's working at a web host, I can tell you Citibank does take this sort of thing seriously, and they are interested to know where the sites are being hosted.

Who knows what they do with that information. Maybe nothing. Still, it's worth reporting, if only to show that the community is against these frauds.

Re:Email Phishing (2, Interesting)

Andrewkov (140579) | more than 9 years ago | (#9992273)

I reported one of these scams to Citibank through their website (I'm not even a customer, just a nice guy). They didn't even acknowledge my report, let alone fix it.

Re:Email Phishing (5, Interesting)

aussersterne (212916) | more than 9 years ago | (#9992186)

Citibank can't do anything about it anyway; they're not law enforcement, and even if they were, what exactly do you see law enforcement doing about SPAM or phish emails? Nada.

I used to work at eBay and the phishing problem was terrible (though I didn't deal with it directly, that wasn't my department). When users would find out, they'd demand to know why eBay didn't do something about it. The people who worked on that floor would stand around in the smoking shed and bitch, "What do they want us to do, buy some guns and go to Romania and raid the guy's house wearing little eBay uniforms?"

Re:Email Phishing (1)

the unbeliever (201915) | more than 9 years ago | (#9992344)

It would be fucking awesome if they did, in a very frightening way.

It leads me to think of the dystopia that is Shadowrun's game world, where corporations have their own standing armies.

Re:Huh (1)

lukewarmfusion (726141) | more than 9 years ago | (#9991774)

I thought this at first as well... but considering that those phishing emails usually end up sending you to a website, I think it might help.

I'm skeptical about the 98% thing as well.

Re:Huh (4, Insightful)

beh (4759) | more than 9 years ago | (#9991785)

There is, of course, another issue as well - if you eliminate 98% of the phish scams - that'll probably also mean that people will start paying less attention to the problem at hand and might hence become less careful about those phish scams that DO make it into their inbox.

This might be in a way comparable to the rates of HIV/AIDS spread during the late 80s/early 90s when there was LOTS of media attention to the issue, and people would actually think about what they were doing. Now, a couple of years after the height of media attention to it, the problems are rising again (simply because people no longer think about the issue).

In the same way, I would guess people might fall more easily for phish scams once they become more rare again.

Re:Huh (0, Offtopic)

garcia (6573) | more than 9 years ago | (#9992071)

(simply because people no longer think about the issue).

Or simply because instead of teaching proper sex protection methods we are teaching the public to just not have sex until they have a religious union under God.

Re:Huh (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#9992233)

I'm an atheist, you insensitive clod!

No, Really, I am.

Re:Huh (2, Interesting)

Mysticalfruit (533341) | more than 9 years ago | (#9991917)

Actually there have been a large number of cases where an ISP's DNS server has been poisoned so users type in the legitimate www.somehugebank.com and it brings them to a proxy mirror image of the site where you gleefully log in and they scarf your information.

spf (1)

nexus987 (683456) | more than 9 years ago | (#9992254)

Too bad e-bay won't take the time to publish SPF records (spf.pobox.com) or microsoft "caller ID" records. It would probably take them less than a minute...
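What an SPF record actually buys a receiving mail server, as an added example written for this thread (it is not eBay's, pobox's or any MTA's code): the check below evaluates a "v=spf1" record against the connecting IP the way a receiver would. DNS is replaced by a constructed lookup table (the domains and addresses in FAKE_DNS are made up) so it runs offline; only the ip4, ip6, include and all mechanisms are implemented, and the mechanisms that need live DNS (a, mx, ptr, exists) are reported as unsupported rather than guessed.

```python
import ipaddress

# Constructed TXT records standing in for DNS answers (not real domains).
FAKE_DNS = {
    "example-bank.com": "v=spf1 ip4:198.51.100.0/24 include:_spf.mailvendor.example -all",
    "_spf.mailvendor.example": "v=spf1 ip4:192.0.2.10 ip6:2001:db8::/32 ~all",
}

# Mechanism qualifier -> SPF result when that mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, domain, dns=FAKE_DNS, depth=0):
    """Return pass/fail/softfail/neutral/none/permerror for a connecting IP
    claiming to send mail for `domain`, evaluating mechanisms left to right."""
    if depth > 10:
        return "permerror"  # RFC 7208 caps the number of DNS-querying terms
    record = dns.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no policy published: the receiver learns nothing
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier, mech = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # catch-all, usually "-all" or "~all"
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            # include: matches only if the referenced domain's policy says "pass"
            if check_spf(sender_ip, arg, dns, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        elif name in ("a", "mx", "ptr", "exists"):
            return "permerror"  # would need live DNS; not modelled here
        # anything else (redirect=, exp=, unknown modifiers) is ignored here
    return "neutral"  # ran off the end without a match


if __name__ == "__main__":
    for ip in ("198.51.100.7", "192.0.2.10", "203.0.113.9"):
        print(ip, "->", check_spf(ip, "example-bank.com"))
```

The value for a receiver is the "-all" at the end: a phisher's box in 203.0.113.0/24 claiming to be example-bank.com gets "fail", which the MTA can reject or tag. Without a published record the result is "none" and the receiver has nothing to act on, which is the point the comment above makes.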

Educate (4, Insightful)

Klar (522420) | more than 9 years ago | (#9991675)

However, better user education and stronger security from online retailers, banks, and financial institutions is also needed to protect technically unsophisticated consumers from complex online cons like phishing attacks, Schmidt says.
I have to say that I agree. These tools are great for newbie computer users. But I really think people should be educated on how to read a URL and not have to rely on a tool like this. If they don't understand the URL, using a 'caller id' program may not always be effective at preventing scams.

Also, I would like to see a program that would pre-scan a URL and if it appears to be a fake Paypal or Visa site to put the actual domain, and display a warning to alert newbie users.

Re:Educate (2, Informative)

Anonymous Coward | more than 9 years ago | (#9991732)

I've seen some intense scam sites where a graphic covers the address bar, and it looks like you are really at citibank. I was actually taken aback for a few seconds. I KNEW I was on a phishing site, but the URL was clearly citibank's (I have accounts there). Played with the address bar, and noticed... hmmm.

This would fool 98% of semi-experienced users.

Re:Educate (0)

Anonymous Coward | more than 9 years ago | (#9991784)

Anyone have a link to a site similar to this?

Re:Educate (2, Interesting)

Mouse42 (765369) | more than 9 years ago | (#9992310)

98%, eh? heh.

One other problem companies have is changing their website's appearance. For example, CapitalOne recently changed their homepage and I was actually too nervous to log in for a few days.

Also, a poor quality website can make people suspicious. A friend of mine asked me to inspect his cable company's website to see if it were real or not because it was so poorly designed. I told him since it was so poorly designed to not trust its security, either, and not bother doing the online bill pay.

OMFG! They're re-instating draft! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#9992013)

Senate armed services committee live on CNN!

Re:Educate (3, Insightful)

psin psycle (118560) | more than 9 years ago | (#9992303)

Education will only help so long. What happens when someone writes a worm/virus that replaces the /etc/hosts file with one hacked up to send people to phishing sites instead of banking sites? Not only could the phishing websites capture account data, they could also forward the user on to the correct site so they don't even notice a problem. Who's going to check their /etc/hosts file to make sure this isn't happening!
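The hosts-file variant described in the comment above is the one you can actually audit from the machine itself (a poisoned ISP resolver, as mentioned earlier in the thread, leaves no trace in this file). The following is an added example written for this thread, not code from the original page: it parses hosts-file text and reports any entry for a watched financial hostname, on the reasoning that a bank's name belongs in DNS and has no business in /etc/hosts at all. The watch list, the sample file and its addresses are constructed.

```python
import ipaddress

# Constructed watch list: names that should never appear in a user's hosts file.
WATCHED = {"www.citibank.com", "www.paypal.com", "signin.ebay.com"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments and junk."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; a thorough audit would report it too
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def find_hijacks(text, watched=WATCHED):
    """Return {hostname: ip} for every watched name the file pins to an address.
    Any such entry diverts the resolver before DNS is ever consulted."""
    return {name: str(ip) for ip, name in parse_hosts(text) if name in watched}


def audit_hosts_file(path="/etc/hosts"):
    """Run the check over a real file (Unix path assumed; on Windows the file
    lives under the System32\\drivers\\etc directory)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijacks(fh.read())


# Constructed sample: an ordinary hosts file plus two lines a worm might append.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
::1          localhost ip6-localhost
# harmless local alias
192.168.1.20 fileserver.lan
203.0.113.45 www.citibank.com citibank.com   # injected
203.0.113.45 signin.ebay.com                 # injected
"""

if __name__ == "__main__":
    for name, ip in find_hijacks(SAMPLE_HOSTS).items():
        print(f"WARNING: {name} pinned to {ip}; lookups bypass DNS")
```

Run against the sample the two injected names come back; run `audit_hosts_file()` on a real box and an empty dict is the expected answer. The forwarding trick the comment mentions (capture credentials, then hand the user on to the real site) is exactly why the check has to look at the file rather than at whether online banking "still works".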

This ad paid for by... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#9991679)

WholeSecurity [wholesecurity.com] - The Leading Provider of Behavioral Endpoint Security Solutions. This plugin available for Microsoft Internet Explorer on Windows only.

HA! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#9991682)

ha psychedelic stoner bands have met their match

Glasses (4, Insightful)

jobeus (639434) | more than 9 years ago | (#9991683)

Glasses would be a good anti-phishing tool... Seems almost 95% of the sites I come across just replace a . with a - somewhere. If people could see it more clearly......... :D

Re:Glasses (4, Insightful)

Rosco P. Coltrane (209368) | more than 9 years ago | (#9991875)

Glasses would be a good anti-phishing tool... Seems almost 95% of the sites I come across just replace a . with a - somewhere

A normal-sized brain behind the glasses would work very well too. I mean, for example, the Microsoft-looking emails that require you to give a password, or a CC number or something: who the hell with a normal intelligence would fall for that one?

Most scams look exactly like that: scams. They're so easy to spot with a vaguely critical eye that it's not funny. The problem is, who will educate a public that doesn't understand much about computers in the first place?

Re:Glasses (3, Insightful)

wan-fu (746576) | more than 9 years ago | (#9992019)

While I agree that helping people understand computers is partly the issue here, there's an even bigger issue and that's educating the public in general to be more aware of scams. Remember, though the internet is a haven for scammers, there are plenty of them out there sending direct mailings or using infomercials. People still fall for those and not just the tricks on the net.

I think a big part of it is people are simply more lazy these days. As a result, they are more willing to believe in a get-rich quick scheme or an identification check for a bank or sweepstakes or whatever (especially the old who are more trusting). But who knows, maybe it's not that, it could very well be that people are just stupid and gullible by nature (which many /.'ers seem to think given the number of times I've seen references to "sheeple" and the like).

Come on, we can't possibly... (1)

cnelzie (451984) | more than 9 years ago | (#9992129)

...want to see the general populace actually become smart enough to see everyday scams.

What will I do for fun if I am not able to see those extremely hilarious infomercials about how you can do *nothing* and the fat will just dissolve off your body!

Already sluggish... (5, Informative)

La_Boca (201988) | more than 9 years ago | (#9991688)

Does That Web Site Look Phishy?

WholeSecurity's new software claims to identify fraudulent sites.

Paul Roberts, IDG News Service
Monday, August 16, 2004

A new software tool from WholeSecurity can spot fraudulent Web sites used in online cons known as "phishing" scams, according to a statement from the company.

Advertisement

The new product, called Web Caller-ID, can detect Web pages dressed up to look like legitimate e-commerce sites. WholeSecurity is marketing the technology to banks, credit card companies, and online retailers as a way to prevent unwitting customers from accessing false sites, to reduce fraud, and increase confidence in online commerce, the company says.

Phishing scams are online crimes that use unsolicited commercial, or "spam," e-mail to direct Internet users to Web sites controlled by thieves, but are designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, Social Security number, bank account, or credit card number, often under the guise of updating account information.

Already in Use

A version of Web Caller-ID is already being used by EBay in a feature called Account Guard, part of an EBay Web browser toolbar that users of the online auction site can download for free. The feature detects suspicious behavior, such as Web URLs that disguise the true Internet address of the site the user is visiting.

Companies can license a Web browser plug-in from WholeSecurity, which can then be distributed to customers directly or as part of a Web browser toolbar. Alternatively, companies can sign up for an e-mail processing service from WholeSecurity that harvests information on phishing scams from spam e-mail or customer complaint e-mail sent to the company, WholeSecurity says.

A Web browser-based management console lets administrators view suspected phisher sites, file complaints against spoof Web sites, or fine-tune the Web Caller-ID technology to adapt to their company's Web site.

On the Rise

Reports of phishing attacks have skyrocketed in recent months, according to the Anti-Phishing Working Group (APWG), a joint industry-law enforcement group.

There were 1422 new, unique attacks reported to the APWG in June, a 19 percent increase over the previous month. Since the beginning of 2004, reports of the attacks have grown by 52 percent a month on average, the group says.

A survey of 5000 adult Internet users by research firm Gartner released in April found that the number of phishing attacks spiked in the last year and that around 3 percent of those surveyed reported giving up personal financial or personal information after being drawn into a phishing scam. The results suggest that as many as 30 million adults have experienced a phishing attack and that 1.78 million adults could have fallen victim to the scams, Gartner says.

Taking the First Step

Web Caller-ID is not a cure-all for the phishing problem, but is a good first step to provide comprehensive protection from the scams, says Howard Schmidt, former White House cybersecurity advisor and the current chief information security officer at EBay.

"These are some of the things we need to do moving forward--getting technology built into the Web browsers themselves to do these things," he says.

However, better user education and stronger security from online retailers, banks, and financial institutions is also needed to protect technically unsophisticated consumers from complex online cons like phishing attacks, Schmidt says.

"You can't put somebody in a car and tell them to drive, but not tell them what the brake and gas pedal are for," he says.

Re:Already sluggish... (2, Funny)

JohnGrahamCumming (684871) | more than 9 years ago | (#9991745)

Look if you are going to post the text of an article here, at least include the relevant URLs. The ad has been replaced by
Advertisement
Now how am I supposed to click through to the exciting, not to be missed, opportunity that the advertiser paid for!

John.

Re:Already sluggish... (1)

cuzality (696718) | more than 9 years ago | (#9992119)

Sounds like you would really enjoy a brand-new extension for Mozilla Firefox!

Tired of missing those great opportunities because of those annoying printer-friendly links? Try Ad-Bar [squarefree.com] from Squarefree!

Ad-Bar's special features:
  • adbar displays Google ads related to pages you view
  • because the ads are relevant, they are occasionally useful (THAT'S A PROMISE!)
When adbar isn't displaying ads from Google, it displays
  • Firefox-related things such as silly Firefox slogans
  • ads for other Mozilla software
  • and requests for donations to the Mozilla Foundation
Plus, Ad-Bar is tri-licensed (MPL, GPL, LGPL)! Mmmmm, taste that FOSS-goodness!

Phish sucks (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#9991689)

Jokes been done before though

Technological solution to a social problem (3, Insightful)

wheany (460585) | more than 9 years ago | (#9991690)

I thought the general consensus was that technological solutions to a social problems don't work.

Re:Technological solution to a social problem (4, Insightful)

MindStalker (22827) | more than 9 years ago | (#9991795)

Huh? No, the general consensus was you can't legislate these problems away, ie spam, phishing etc.
User education is the most important, but technical solutions have to be used. That's like saying you shouldn't bother with having a virus scanner, because people should all be taught to avoid viruses.

Re:Technological solution to a social problem (1)

sadcox (173714) | more than 9 years ago | (#9991818)

agreed...some people are going to have to learn the hard way not to give out sensitive information about themselves.

I say let's evolve, and let the chips fall where they may. But that's just me--I could be wrong.

Re:Technological solution to a social problem (0)

Anonymous Coward | more than 9 years ago | (#9991918)

I thought the general consensus was that technological solutions to a social problems don't work.

Not so. Many social problems could be solved by technology. For example, a large electrified fence around Harlem, or vitrifying Israel and Palestine with a nuke, would go a long way to improve the lives of many...

Anti-phishing toolbar for FireFox (4, Informative)

NewbieV (568310) | more than 9 years ago | (#9991693)

Spoofstick [corestreet.com] is a plugin for FireFox or Internet Explorer that can help identify 'phishy' sites while surfing.

It does take a little more real estate out of the browser's window, but it's a pretty useful tool when teaching people about the dangers of clicking links blindly.

Re:Anti-phishing toolbar for FireFox (2, Interesting)

TheOtherAgentM (700696) | more than 9 years ago | (#9991891)

The problem arises with this when a website has multiple domains to cover their content. That can confuse users. Multiple domains shouldn't be used just to serve media from another server, but I've seen it done. Also, what happens when you are drawing content from other domains? Will Spoofstick list all the domains?

Re:Anti-phishing toolbar for FireFox (2, Interesting)

Wizzo1138 (769692) | more than 9 years ago | (#9991990)

Sites like apple use other domains for their images. It looks like apple has recently changed a bit though. Instead of all images coming from akamai directly, they come from images.apple.com.

But...

ping images.apple.com
PING a932.g.akamai.net (38.115.177.150) 56(84) bytes of data.
64 bytes from 38.115.177.150: icmp_seq=1 ttl=57 time=30.6 ms

Re:Anti-phishing toolbar for FireFox (0)

Anonymous Coward | more than 9 years ago | (#9991973)

Sorry, wrong link, here is the correct one.

You mean... (5, Funny)

Black Parrot (19622) | more than 9 years ago | (#9991698)


...I wasn't supposed to give s1ashdot my credit card number to read this story?

Re:You mean... (0)

Anonymous Coward | more than 9 years ago | (#9991781)

s1ashdot

I find it amusing that a vendor's site from which our company places orders (inductors and such) actually redirects you to a similar-looking site, by replacing the "L" with a "1".

And yes, we've been ordering from them for years now.

Coilcraft [coi1craft.com]
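The URL tells that come up repeatedly in this thread (an IP address at the front of the URL from the Web Caller-ID description quoted near the top, a dot swapped for a dash in the "Glasses" comment, an L swapped for a 1 in s1ashdot and coi1craft just above) are cheap to check mechanically. The following is an added example written for this thread, not WholeSecurity's engine, whose routines are not public: it folds look-alike characters, works out the registrable domain, and reports every tell it finds. The brand list, the homoglyph table and the test URLs are constructed, and the two-label "registrable domain" shortcut is a simplification that a real tool would replace with a public-suffix list.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed watch list: brand -> registrable domains the brand really uses.
BRANDS = {
    "citibank": {"citibank.com"},
    "paypal": {"paypal.com"},
    "ebay": {"ebay.com"},
    "coilcraft": {"coilcraft.com"},
    "slashdot": {"slashdot.org"},
}

# Characters phishers swap for look-alike letters; fold them before comparing.
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e", "|": "l"})


def fold(text):
    """Lower-case, drop '-', and map look-alike digits to the letters they mimic."""
    return text.lower().replace("-", "").translate(HOMOGLYPHS)


def registrable(host):
    """Last two labels of the host: fine for .com/.org, no public-suffix list here."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def analyze(url):
    """Return the list of spoof tells found in url (empty list = nothing suspicious)."""
    reasons = []
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.username is not None:
        # http://www.paypal.com@evil.example/ : everything before '@' is decoration
        reasons.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is an IP literal")
    except ValueError:
        pass
    reg = registrable(host)
    reg_folded = fold(reg.split(".")[0])
    subdomains = host.split(".")[:-2]
    # Everywhere a brand name could be planted to reassure the victim.
    haystack = " ".join(fold(s) for s in (host, parts.username or "", parts.path))
    for brand, real_domains in BRANDS.items():
        if reg in real_domains:
            continue  # genuinely the brand's own registrable domain
        if reg_folded == brand:
            reasons.append(f"registrable domain imitates '{brand}'")
        elif any(fold(label) == brand for label in subdomains):
            reasons.append(f"'{brand}' used as a subdomain of {reg}")
        elif brand in haystack:
            reasons.append(f"'{brand}' appears in the URL but the host is {host}")
    return reasons


if __name__ == "__main__":
    for u in ("https://www.citibank.com/", "http://www.coi1craft.com/",
              "http://citi-bank.com/login", "http://192.168.1.10/citibank/login.html",
              "http://citibank.secure-login.ru/", "http://www.paypal.com@evil.example/"):
        print(u, "->", analyze(u) or "looks like the real domain")
```

Note what this does not do: it cannot see a graphic painted over the address bar, a poisoned resolver, or a site that never mentions the brand in its URL at all, and the substring check will fire on innocent names that happen to contain a brand. That is the same gap the thread keeps circling back to, which is why a tool like this is a first pass and not a substitute for reading the address bar.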

Wrong Solution (4, Insightful)

Anonymous Coward | more than 9 years ago | (#9991699)

The proper solution to phishing scams is
1) Educate everyone not to give out confidential information to anyone.
2) Track the phishing sites and publicly hang the owner. These things are not difficult to track by the very nature of the scam.

Re:Wrong Solution (2, Insightful)

MindStalker (22827) | more than 9 years ago | (#9991848)

In the US or UK maybe, but many of these sites are located in parts of the world where you can get anonymous internet access.

Re:Wrong Solution (2)

Wizzo1138 (769692) | more than 9 years ago | (#9992096)

Can you get an anonymous access with enough bandwidth to run a server? Or maybe they don't expect to have enough hits at any one time to actually care.

Re:Wrong Solution (1)

foidulus (743482) | more than 9 years ago | (#9992324)

Well, if they are expert phishers, then they probably have a few spare identities they can use to set up the server. And even if they aren't anonymous, you still have the problem of the host country actually being able to/wanting to prosecute them. that isn't always a given....

Re:Wrong Solution (0)

Anonymous Coward | more than 9 years ago | (#9992117)

You just get on the site. You enter a credit card number that is being tracked by citibank. You follow the transaction. You find out who is getting the illegal stuff. Then, you arrange a blanket party. Video tape. Distribute.

Phishing attempts drop 99% in three months.

Re:Wrong Solution (0)

Anonymous Coward | more than 9 years ago | (#9992139)

An addendum to my first two posts: 21st century technology combined with old school justice. Can't beat it with a stick (but you can beat con artists with a stick).

Re:Wrong Solution (1)

celeritas_2 (750289) | more than 9 years ago | (#9991922)

Anyone even moderately computer-literate can recognise a phishing scam, but there is no way anyone can educate the army of grandmas on the internet about phishing. The solution is closer to #2, there has to be a way to either kill the sites or put a giant 'fake site' sign on [sigh] MSIE because you know that firefox users know better :)

Re:Wrong Solution (1)

gcaseye6677 (694805) | more than 9 years ago | (#9991932)

Also important: educate companies who do business on the web to never send out legitimate requests for account updates via email. Most large companies would not do this, but some of the smaller players do not think about how this could cause major confusion and problems for users.

Re:Wrong Solution (need PK crypto) (3, Insightful)

j1m+5n0w (749199) | more than 9 years ago | (#9992290)

The proper solution to phishing scams is 1) Educate everyone not to give out confidential information to anyone. 2) Track the phishing sites and publically hang the owner. These things are not difficult to track by the very nature of the scam.

Don't forget

3) Use public key cryptography to verify the authenticity of sites you do business with.

-jim

Better Solution (0)

Anonymous Coward | more than 9 years ago | (#9992320)

Most of these phishing sites are set to get passwords and CC numbers. Solution: use one-time passwords as in Scandinavian banks [slashdot.org], for all things involving CC and money. The phishers can grab your passwords all they want, they'll be useless.
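Why a captured one-time password is worth so little to a phisher, as an added example written for this thread (it is not the code of any Scandinavian bank or of the original page): the block below implements the counter-based HOTP scheme from RFC 4226 on top of Python's standard hmac module, using the RFC's published test secret, and plays out the scenario from the comment above. The verifier accepts a code once and then moves its counter past it, so a replay of the captured value fails. The window size and the scenario function are assumptions for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer reduced to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class OtpVerifier:
    """Server side: accepts each counter value at most once (assumed window of 5
    lets the token drift ahead a little, as a real bank's server would allow)."""

    def __init__(self, secret, window=5):
        self.secret, self.counter, self.window = secret, 0, window

    def verify(self, code):
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1  # burn this and every earlier counter
                return True
        return False


# RFC 4226 test secret; a real one lives only on the token and at the bank.
SECRET = b"12345678901234567890"


def phishing_scenario():
    """Victim reads code 0 off the token, types it into a spoof site AND into the
    real bank; the phisher replays it; the victim's next code still works."""
    bank = OtpVerifier(SECRET)
    captured = hotp(SECRET, 0)               # what the spoof site harvested
    victim_ok = bank.verify(captured)        # real login with the same code
    replay_ok = bank.verify(captured)        # phisher tries the stolen code
    next_ok = bank.verify(hotp(SECRET, 1))   # victim's following login
    return victim_ok, replay_ok, next_ok


if __name__ == "__main__":
    print([hotp(SECRET, c) for c in range(3)])  # RFC 4226 test vectors
    print(phishing_scenario())
```

The caveat a practitioner would add: this defeats reuse, not a live relay. A spoof site that forwards the code to the real bank the moment the victim types it gets one session before the victim does, so one-time codes shrink the phisher's window from "until the password changes" to "the next few seconds", and the transaction itself still needs its own confirmation.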

My rule is usually fairly simple (5, Insightful)

tekiegreg (674773) | more than 9 years ago | (#9991702)

Just don't click on any links via email to anything unless you solicited it (such as an email verification to a mailing list you're subscribing to). When I'm in doubt, all I do is type in the URL to the bank/brokerage/etc. web site myself (fire up browser and type in homepage URL), log in and find out if there is anything going on. Most such websites have a way to look at everything and take any needed action right away after you type in a user/pass.

*sigh* and on that note there is a sucker born every minute I suppose.

phishing automated reply (4, Funny)

djtech (513550) | more than 9 years ago | (#9991703)

What we need is a way to automatically reply to these phishing scams with bogus information. I'd like to be able to order everything sent in a spam message too with bogus information. Beat them at their own game!

Re:phishing automated reply (2, Funny)

introverted (675306) | more than 9 years ago | (#9991783)

What we need is a way to automatically reply to these phishing scams with bogus information.

The next time a banking official from Nigeria requests your assistance in getting some money out of the country, explain that you need to verify that he's "on the up and up" and ask him for whatever information the phishing site wants....

Re:phishing automated reply (1)

bmwm3nut (556681) | more than 9 years ago | (#9991864)

I would like to have a central list that we can send the links to phishing websites. Then someone smarter than me could write a script that just goes through the sites and enters bogus info (that looks real). If we reduce their signal to noise, it'll become much less profitable for them.

Re:phishing automated reply (5, Interesting)

The Ultimate Fartkno (756456) | more than 9 years ago | (#9991955)

It's for mortgage spammers and not phishers, but I'm a fan of the Unsolicited Commando [astrobastards.net] project. It's a little Java app that spends its day filling out mortgage applications on spamvertised sites with completely believable - but totally bogus - personal data. The source is available so perhaps a clever person could randomly generate credit card numbers and adapt the program to attack phish sites.

Will this reach the intended users? (4, Insightful)

broothal (186066) | more than 9 years ago | (#9991723)

People who are likely to fall for the usual phishing techniques are, unfortunately, not likely to install any tools to prevent phishing. Odds are, that they never knew it existed before they fell for it.

Anti-Phishing Tool (1, Funny)

Anonymous Coward | more than 9 years ago | (#9991748)

Visine?

phishers of men (4, Interesting)

celeritas_2 (750289) | more than 9 years ago | (#9991750)

I've tried to actually reply to some of the money-caught-in-foreign-bank phish attempts and the only thing I get back is more and more phishing. I've failed to reach the point where they ask for your SSN, credit card or my first born child. Either they're stupid and don't want my information, or they're smart and realize I know what they're up to.

Re:phishers of men (0)

Anonymous Coward | more than 9 years ago | (#9992009)

I've tried to actually reply to some of the money-caught-in-foreign-bank phish attempts and the only thing I get back is more and more phishing.

Nigerian scams are not the same thing as phishing. The only one that comes close is the 419 scammer that claims he's with Barclays, but he's not even close to convincing, and he's not pretending that they have business with your account there, only a (fictional) account he "discovered" at the bank.

Re:phishers of men (3, Informative)

berkowow (805369) | more than 9 years ago | (#9992055)

It is a major misconception that the Nigerian e-mail scammers are after your bank account information. What they are actually running is an "advance-fee fraud." After you give them your account info and all the rest of that stuff, they will tell you that they were just about to send you the money, but that the bank needs you to pay a $500 fee to get the money out of escrow. If you wire them the $500 over Western Union, they'll come up with something else which needs to be done, e.g. a sick relative, a bribe to a state official, etc. They'll string you along with these advance fees for as long as possible. In some cases, they'll try to get you to go down to Nigeria yourself where you'll be kidnapped and held for ransom. The whole scam is remarkably low-tech, and not at all what most people expect.

Re:phishers of men (1)

celeritas_2 (750289) | more than 9 years ago | (#9992206)

It would make an interesting weekend going to Nigeria and beating up some scammers :) just remember to bring with you a few friends of the bouncer or kung fu variety.

It's just too damn profitable (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#9991754)

look at this guy [bbc.co.uk]. He made 8000 UK pounds just from fishing!
This guy right here [cdnn.info] is a kingpin of these fishing scams!

I have a fairly good anti-phishing tool (3, Insightful)

JosKarith (757063) | more than 9 years ago | (#9991766)

It's called a healthy dose of cynicism.
If somebody I have financial dealings with contacts me out of the blue to check my password/account number/mother's maiden name etc. I contact them back - not using the linkback on that e-mail but using the contact details from the documentation I got when I signed up. And I ask them if it's a scam or not.
And I don't reply until the bank/whatever has got back to me.

Re:I have a fairly good anti-phishing tool (1, Funny)

Anonymous Coward | more than 9 years ago | (#9991896)

Don't just stop there, whenever the gasman, the waterman, the lectric man, the phoneman, even members of your own family, ring on the front door and ask to come in to check something, call their company up.

On some occasions, a healthy dose of paranoia may be useful.

Fear Everything.

Here's my Anti-Phishing tool (4, Insightful)

Chanc_Gorkon (94133) | more than 9 years ago | (#9991778)

My Anti Phishing tool is my brain. I mean sometimes these phishing e-mails are not even spoofed so that they appear to come from the company that they are spoofing. Sometimes the website has graphics for the company they are trying to appear as and the URL is in CHINA! First off, No company should EVER ask you to click on a link and enter personal information for things. No mortgage company I know of will actually advertise in a spam and if they do, then your alert flag should go up. If you just use common sense, you should be more than able to determine if a web page or e-mail is a phishing attempt. Unfortunately, your grandma or your mom may not. I think that companies like AOL need to add more training wheels to their service so to speak and help them with determining if something is legit or not. Would I ever load such software? No I would not because I don't need it....but my mom might.

Hmmm (2, Funny)

Anonymous Coward | more than 9 years ago | (#9991884)

My Anti Phishing tool is my brain. I mean sometimes these phishing e-mails are nto even spoof so that they appear to come from the company that they are spoofing. Sometimes the website has graphics for the company they are trying to appear as and the URL is in CHINA! First off, No company shuld EVER ask you to click on a link and enter personal information for things. No mortgage company I know of will actually advertise in a spam and if they do, then your alert flag should go up. If you just use common sense, you should be more then able to determine if a web page or e-mail is a phishing attempt. Unfortunately, your grandma or your mom may not. I think that companies liek AOL need to add more training wheels to their service so to speak and help them with determining if something is legit or not. Would I ever load such software? No I would not because I don't need it....but my mom might.

I don't know... I was told that phishing scams often played on misspellings, so my "red alert" flag is going up on your message.

so the cure to prevent phishing (2, Interesting)

Anonymous Coward | more than 9 years ago | (#9991816)


is to install a spyware toolbar ?

i have enough trouble persuading users NOT to install crappy toolbars and plugins as it is without people recommending that they do.
MS ActiveX and to a lesser extent Mozilla's XPInstall xpi features coupled with uninformed users are the main reason spyware/malware exists and is so easy to exploit. Can you explain the difference to a (l)user between a good plugin/toolbar and a bad one?

security should be built into the browser

Phishing is a big problem for hosting companies (4, Interesting)

gtrubetskoy (734033) | more than 9 years ago | (#9991834)

Phishers need a place to host their fake sites, and hosting companies like ours are prime targets for phishers to set up their "collection points", and we see a lot of those.

My theory is that unlike the script-kiddies of the old days, 99% of all phishing is the work of organized crime. I believe that they recruit users at ISPs in places where internet (or any, for that matter) law is not enforced (like Kosovo), they provide people simple step-by-step instructions on what to do, give them lists of fake card numbers and pay them based on the number of accounts hacked (e.g. $1 for every 50 good passwords). The actual cleaning out of the accounts probably happens elsewhere and at a much higher level because you need a much more elaborate system for it (off-shore bank accounts, etc). At least if I was doing it, this is how I would set it up. The users appear to be not very smart - we often see weird typos, names spelled in all caps and other dead giveaways - why would ANNE FISHER from Ohio sign up for a year of virtual hosting and register a domain XABCDFERNG.COM for 10 years?

We see that they are getting more elaborate in their attempts to sign up for an account. They try to use proxies or zombies now (because most sane companies will flat out refuse any attempts to sign up from Indonesia, Romania, etc.).

A funny side note - we got a copy of a credit card statement from one of the unfortunate cardmembers whose card's been stolen as part of the "chargeback" report, and among various hosting accounts they signed up for, there was a $20 contribution to moveon.org - go figure!

Right now the best way to fight off phishers is to attempt to speak to the customer in person, it has worked 100% for us so far. But since this phishing thing is probably big money for some mafia boss, I think the motivation is there for them to get more technologically advanced, and I wouldn't be surprised if we start seeing fake VoIP phone numbers provided where the criminals would answer the phone in English and pretend to be cardmembers.

Another very unfortunate side-effect of this is that it's the merchants who eat the cost of it. For every instance of fraud, we get the funds withheld and transferred back to the cardmember (don't be fooled by those reports of "poor" cc companies bearing the cost of fraud!) AND we get slapped with a $25-$50 penalty by the CC processing company AND our rates go up. So it's almost in their interest that cards get stolen, it simply means more revenue for them. Now our services are "virtual", but for those who actually ship something physical (like a shirt), they get to eat the cost of that as well.

Re:Phishing is a big problem for hosting companies (1)

Kenja (541830) | more than 9 years ago | (#9992030)

"My theory is that unlike the script-kiddies of the old days, 99% of all phishing is work of organized crime."

This is very true, not only of Phishing but also of eBay scams and the like. Most of the "Work At Home for $$$$" style of ads are buying and selling items for the Russian mafia.

Re:Phishing is a big problem for hosting companies (2, Interesting)

swb (14022) | more than 9 years ago | (#9992266)

I've always found the credit card companies and banks ability to shift the financial responsibility onto merchants and users for their insecure system to be one of the greatest ripoffs in history. Merchants in particular take it up the dirt road -- chargebacks, penalties AND rate increases! And zero incentive for the people who created and control the system to do anything about it.

I hate to say "they should pass a law", but they SHOULD pass a law that pushes the cost of CC fraud back onto banks and the CC companies themselves. This would provide a much bigger incentive.

What's even better is that once the new bankruptcy bill goes into force, not only will banks not have to bear the burden of fraud, they won't have to bear the burden of irresponsible lending, either.

Backwards (2, Interesting)

RU_Areo (804621) | more than 9 years ago | (#9991839)

You can't put somebody in a car and tell them to drive, but not tell them what the brake and gas pedal are for

I think this statement is completely backwards. You can give someone the tools; ie. tell them what the gas and brake are for, but under no circumstances can you make them use them (properly) or understand the full consequences of not using them this is especially true for users who are not technically inclined.

List of IPs used by phishers (5, Informative)

Anonymous Coward | more than 9 years ago | (#9991866)

Phish Net [spamfo.co.uk]

Some folks here may find it useful.

I just looked at the list (2, Informative)

G27 Radio (78394) | more than 9 years ago | (#9992040)

There are not many unique addresses in the list; most are repeated many times throughout it. And there are a couple that just aren't valid IP addresses at all. Not much of a list yet, but good luck with it anyway.

Re:I just looked at the list (0)

Anonymous Coward | more than 9 years ago | (#9992335)

Thanks - it's an early work in progress.

Cool phishing detection quiz (5, Informative)

frozenray (308282) | more than 9 years ago | (#9991877)


This [mailfrontier.com] nifty quiz can help you assess your phishing detection abilities. Recommended.

Whore (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#9991998)

You just stole that from a previous story.

Re:Cool phishing detection quiz (1)

lpangelrob2 (721920) | more than 9 years ago | (#9991999)

I did pretty well on that quiz, but the only one I got wrong was #4 (the U.S. Bank one). Interestingly enough, I don't really know why, unless it's because U.S. Bank doesn't exist. The URL looks valid (it's of the form https://*.usbank.com/*), and the format of the quiz means you can't see where that URL is actually pointing to.

Is there something I can be doing better?

Re:Cool phishing detection quiz (3, Informative)

Anonymous Coward | more than 9 years ago | (#9992140)

100% .. was not that hard. Of course I stop phishing for a living. I only got the hotmail one because it was professionally written and mentioned only losing messages and addresses, something I know to be a fact of life about account expiration on hotmail and yahoo mail both. That it didn't say "your account will be suspended" or some other stern warning made it look less like a phish. All the others were just dead giveaways.

No one who wants your business is going to waggle their finger and scold you about taking action NOW or you will lose your account, the way most of the phishers do. Even if you haven't paid them -- they just suspend it and tell you to call them on the phone.

should be a firefox plugin (2, Interesting)

jdkane (588293) | more than 9 years ago | (#9991914)

Someone should create a phishing-detection extension for Mozilla. Does anybody have any ideas about how that would work efficiently/effectively? Same as EBay technology?

Re:should be a firefox plugin (2, Insightful)

jdkane (588293) | more than 9 years ago | (#9992033)

I should have added "free" extension, not restricted by licensing and/or money in general.

Re:should be a firefox plugin (2, Interesting)

Cheerio Boy (82178) | more than 9 years ago | (#9992084)

The Firefox plugin you're looking for is Spoofstick. [corestreet.com]

A little simple but it tells you exactly what site you're on.

They also have one for IE.

Nice try (0)

Anonymous Coward | more than 9 years ago | (#9991942)

an anti-phishing tool available that tries to detect fake websites.

I may be relatively new to the internet, but after my son cleaned my PC last month of a bunch of malware, he told me to never install any tools for my internet, no matter how good it sounds. So you can hawk your "useful" tool as much as you want, I ain't biting.

Re:Nice try, indeed. (0, Flamebait)

teamhasnoi (554944) | more than 9 years ago | (#9992066)

If your son is the one 'fixing' your PC, what are you doing here?

Methinks you took a wrong turn by the AOL boards.

Re:Nice try, indeed. (0)

Anonymous Coward | more than 9 years ago | (#9992197)

% perl -e 'print teamhasnoi.hasSenseOfHumor()'
0
%

Firefox/IE (4, Interesting)

mrseigen (518390) | more than 9 years ago | (#9991989)

I've noticed that neither Firefox nor new versions of IE let you do the www.cnn.com@http://myattackersite.com phishing vulnerability; Firefox warns you (as long as myattackersite.com doesn't request authentication), IE just doesn't let you do it as far as I've seen (but this is hearsay; I haven't used IE in years).

SPF for Websites (1)

jeffy210 (214759) | more than 9 years ago | (#9992012)

What about using something similar to the Sender Policy Framework (SPF) [pobox.com] for web sites. Create a list of known good websites for your company, and if the browser attempts to access something, say, eBay related, it will look at eBay's SPF list and see whether it's an authorized server or not.
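The two ideas above (the `user@host` URL trick from the Firefox/IE comment, and an SPF-style list of hosts a brand authorizes) can be combined into a small link checker. The block below is an added example written for this page; it is not part of the Slashdot thread, of Web Caller-ID, of Spoofstick, or of any SPF specification. It uses the well-formed variant of the trick (`http://www.cnn.com@myattackersite.com/`), where everything before the `@` is userinfo and the browser really connects to `myattackersite.com`. The `AUTHORIZED_HOSTS` table stands in for a record a brand would publish, and the HTML e-mail it scans is constructed; both are assumptions, not data from the page. It also flags bare IP hosts (the heuristic the article attributes to Web Caller-ID) and links whose visible text is a URL pointing at a different host than the `href`, which is the case the quiz comment above could not see.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical per-brand allow-list, standing in for the "SPF for websites"
# record a brand would publish. Constructed for this example.
AUTHORIZED_HOSTS = {
    "ebay": {"ebay.com", "www.ebay.com", "signin.ebay.com"},
    "usbank": {"usbank.com", "www.usbank.com"},
}


def real_host(url):
    """Return the host a browser would actually connect to.

    urlsplit() treats everything before the '@' in the authority as userinfo,
    so 'http://www.cnn.com@myattackersite.com/' has the hostname
    'myattackersite.com' even though it starts with a familiar name.
    """
    return (urlsplit(url).hostname or "").lower()


def suspicious_reasons(url, brand=None):
    """Return the list of phishing indicators found in a single URL."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    # 1. userinfo decoy: 'www.cnn.com@myattackersite.com'
    if "@" in parts.netloc:
        decoy = parts.netloc.rsplit("@", 1)[0]
        reasons.append("userinfo decoy %r, real host is %r" % (decoy, host))

    # 2. bare IP literal instead of a hostname
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address: %s" % host)
    except ValueError:
        pass

    # 3. brand name used on a host the brand did not authorize
    if brand is not None:
        allowed = AUTHORIZED_HOSTS.get(brand, set())
        authorized = host in allowed or any(host.endswith("." + d) for d in allowed)
        if brand in host and not authorized:
            reasons.append("host %r uses the %s name but is not an authorized host" % (host, brand))
    return reasons


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_email_links(html, brand):
    """Return [(href, reasons)] for every link in an HTML e-mail."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = suspicious_reasons(href, brand)
        # Visible text that looks like a URL must point where the href points.
        if re.match(r"https?://", text, re.I):
            shown = real_host(text)
            if shown and shown != real_host(href):
                reasons.append("link text shows %r but href goes to %r" % (shown, real_host(href)))
        findings.append((href, reasons))
    return findings


# Constructed sample e-mail; not a real phish from the page.
SAMPLE_EMAIL = """
<p>Dear member, please verify your account:</p>
<a href="http://www.cnn.com@myattackersite.com/signin">https://signin.ebay.com/</a><br>
<a href="http://192.0.2.10/ebay/update.php">Update billing information</a><br>
<a href="https://www.ebay.com/help/">Help</a>
"""

if __name__ == "__main__":
    for href, reasons in check_email_links(SAMPLE_EMAIL, "ebay"):
        print(href, "->", reasons or "ok")
```

Running it flags the first link twice (userinfo decoy, and visible text pointing at a different host than the `href`), the second once (bare IP), and passes the third. The allow-list lookup is the SPF analogy in miniature: the check asks whether the host the browser will actually reach is one the brand has listed, rather than whether the URL merely contains the brand's name.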

needs to happen (1)

Chuck Bucket (142633) | more than 9 years ago | (#9992052)

this needs to happen, but it's like a spam Blacklist, it's pretty much out of date once it's created! better would be to have ISPs build a lists and flag certain sites as possible phishing grounds, but there again, how up to date would they be?

Bottom line is, all of our parents/kids/friends need to know; don't give info out online unless YOU initiated the contact.

CB#__8&*(#@

A better start (3, Insightful)

portwojc (201398) | more than 9 years ago | (#9992104)

Web Caller-ID is not a cure-all for the phishing problem

How about actually going after the people doing the scams as a solution. Also the providers who don't shut them down.

I must have missed that part in the article. This is going to be just like the spam problem. It's a problem that the end user needs to deal with and not something to be corrected at the source. Well not until at least it gets to epidemic proportions.

Had a bit of a scare, recently (2, Interesting)

TomorrowPlusX (571956) | more than 9 years ago | (#9992245)

I got an email from Earthlink that looks SO MUCH like a textbook Phishing scam ( your credit card number's going to expire... ) that I deleted it the first couple times it came my way.

It kept on coming, however, and I decided to go to earthlink myself ( e.g., not clicking the link ) and see what the deal was.

Turned out, it was legit. Amazing.

The trouble here, really, is how do we handle legitimate email from banks, ISPs, etc?

What banks *should* do! (4, Interesting)

callipygian-showsyst (631222) | more than 9 years ago | (#9992256)

What banks (and eBay) should do is NEVER, EVER send an email to customers. Period.

And on their websites they should say on top: "REMEMBER: WE *NEVER* SEND YOU EMAIL ABOUT ANYTHING."

If you want to know something, you just visit eBay or your bank account.
