Netcraft: 5,600 Phishing Sites Since December

timothy posted more than 9 years ago | from the not-good-news dept.

Privacy 181

miller60 writes "Netcraft has tracked and blocked 5,600 known phishing sites since the December launch of its anti-phishing toolbar, which it has now updated with a risk rating feature that warns users about new sites with phishy characteristics, based on trends observed in known phishing scams. It has also started a service that makes the full list available of phishing sites as a continuously updated feed for service providers and companies to use in mail servers and web proxies." One bad sign: the phishing attacks I see are getting (on average) more professional in their phrasing -- it used to be easy to toss out the trawlers based on their spelling alone.

181 comments

Spelling (5, Funny)

Anonymous Coward | more than 9 years ago | (#12410091)

the phishing attacks I see are getting (on average) more professional in their phrasing -- it used to be easy to toss out the trawlers based on their spelling alone

One could say the same for the /. trolls.

Re:Spelling (0)

Anonymous Coward | more than 9 years ago | (#12410143)

and editors

Re:Spelling (0)

Anonymous Coward | more than 9 years ago | (#12410288)

and posters

Spelling-The Untouchables. (0)

Anonymous Coward | more than 9 years ago | (#12410317)

The historical phrase everyone's looking for is "Cold War".

Re:Spelling (2, Funny)

releppes (829336) | more than 9 years ago | (#12410664)

Is that trolling for phish or phishing for trolls?

FP - Help (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12410092)

Can anyone help me? I have an account with amazing karma, that I plan to retire after the next three posts. I thought that I would perform karma suicide with it but, I can't figure out an effective way to do it in only three posts. What would you do?

Re:FP - Help (1, Informative)

ArsenneLupin (766289) | more than 9 years ago | (#12410250)

Can anyone help me? I have an account with amazing karma, that I plan to retire after the next three posts. I thought that I would perform karma suicide with it but,

From the contents of your post, you seem to be doing quite well, but ...

I can't figure out an effective way to do it in only three posts.

Yes, indeed, I think you haven't figured out one very important small detail...

What would you do?

Hmmm, ..., maybe log in?

Can anyone help me?

You're welcome!

Re:FP - Help (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12410295)

I hope that's you, garcia. I'm sick of your lies and anti-semitism.

Re:FP - Help (1, Funny)

lilmouse (310335) | more than 9 years ago | (#12410371)

Let me get this straight - you've got a great account with lots of karma, and you'd love to transfer it to me, but you first need to get the password. This will take $400US to do that... But, out of the goodness of your heart, and because you found my name on a reputable list, you're willing to share this account with me if I can help with half the $400US fee.

Great!

No, wait, wrong post - my bad. My account's karma is having problems, and SlashDot can't confirm some of my details. So, quick, go log into http://slashdt.org/login [slashdt.org] and give all your personal information before all your past posts are DELETED!!

Thanks - I'll check up on that.

--LWM

Timothy: (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12410099)

If I wanted your opinion, I'd beat it out of you. So shut the fuck or post it in a comment.

Netcraft... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12410106)

confirms it.

First Post?! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12410113)

fishy!!!!

It's official, phishing is dying!!! (0)

Anonymous Coward | more than 9 years ago | (#12410117)

Netcraft confirms... Sorry, I couldn't resist.

on the positive side (spf) (1)

nexus987 (683456) | more than 9 years ago | (#12410681)

On the positive side of things, a lot of companies (ebay, paypal, citibank, amazon, etc, etc) are now publishing spf records to help detect forgeries.

Grammar surrenders (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12410119)

...makes the full list available of phishing sites...

Try:

...makes the full list of phishing sites available...

Submit a new site, get a gift? (5, Interesting)

Kozz (7764) | more than 9 years ago | (#12410122)

Funny thing, I submitted a phishing site to Netcraft and was notified that it was a new one to their database, and what do they do?

They ask me to reply to their email address with my full name, street address so that they can send me a "gift". I don't know what it is (haven't received it yet), but thought it ironic that they were soliciting information in a phishing-style.

I sent them the address so they can send me a gift (t-shirt? who knows) since I knew I had contacted THEM about the particular phishing URL, and the info they requested could be gleaned by someone who wanted to find out, but found it humorous nonetheless.

Anybody know what is this "reward" they mail you? I'm curious.

Re:Submit a new site, get a gift? (3, Funny)

netcrusher88 (743318) | more than 9 years ago | (#12410152)

Maybe they send you fish?

Re:Submit a new site, get a gift? (1)

peculiarmethod (301094) | more than 9 years ago | (#12410160)

A video of them laughing at you.

I play mine at LAN parties.

Re:Submit a new site, get a gift? (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#12410174)

thought it ironic that they were soliciting information in a phishing-style

A phishing site attempts to trick you by posing as another site. You were being offered a gift from Netcraft itself, after having submitted information to Netcraft. How is this "phishing-style"?

It's a simple reward. Not every gift is booby-trapped.

Re:Submit a new site, get a gift? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12410178)

The gift you'll get from Netcraft is BSD's cadaver, he just died from a slashdotting...

Re:Submit a new site, get a gift? (0)

Anonymous Coward | more than 9 years ago | (#12410182)

A fish?

Re:Submit a new site, get a gift? (5, Informative)

doofusclam (528746) | more than 9 years ago | (#12410293)

Anybody know what is this "reward" they mail you? I'm curious.


Well according to this: http://news.earthweb.com/security/article.php/3454601 [earthweb.com] :

If a person is the first to submit a link to a new phishing site, the user receives a free prize, such as a coffee mug. Miller said other offerings are in the works as well. An e-mail appears in users' inboxes asking them to return a postal address for the prize, which takes 28 days to deliver.

Re:Submit a new site, get a gift? (4, Funny)

EvilTwinSkippy (112490) | more than 9 years ago | (#12410360)

An e-mail appears in users' inboxes asking them to return a postal address for the prize, which takes 28 days to deliver.

Or they can collect on their winnings immediately by clicking on this link, with their accound name and password to paypal ...

Re:Submit a new site, get a gift? (0)

Anonymous Coward | more than 9 years ago | (#12410713)

You get a mug with the Netcraft logo. Larger than the average mug so it holds loads of coffee. Next prize up a sweatshirt with their logo on it. Friend of mine is up to 20 reported sites and has yet to discover prize 3.

Re:Submit a new site, get a gift? (1)

Sponge Bath (413667) | more than 9 years ago | (#12410329)

Anybody know what is this "reward" they mail you?

Wouldn't you like to know? It was a lovely little phish.
And it went wherever I did go.

Re:Submit a new site, get a gift? (4, Insightful)

aaamr (203460) | more than 9 years ago | (#12410415)

Doesn't it make more sense to report the site to the service provider so it gets shut down?

Last one of these I encountered (an eBay phishing scheme) was hosted on Comcast's network. To Comcast's credit, the site was inaccessible within 2 hours of my reporting it, and I got a very prompt response by email to my report.

Re:Submit a new site, get a gift? (2, Funny)

morcego (260031) | more than 9 years ago | (#12410746)

Yes, no one ever doubted the ability of Comcast in making things go offline.

Re:Submit a new site, get a gift? (1)

chris_mahan (256577) | more than 9 years ago | (#12410562)

Yeah, but maybe you just thought you reported the site to Netcraft. Maybe it was that crafty phisher Netrcaft, who, under pretense, posed. You of course, were fooled by the "BDS is dying..." as the first story...

Ok, Bad Joke. Back to work/.

YAY! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12410127)

FP finally!!!

Phish Samwitch (1)

WwWonka (545303) | more than 9 years ago | (#12410128)

Is anybody proactively going after these sites with their "l33t sk1llz" when they run across them in their own mailbox?

--Justin Wondering

Re:Phish Samwitch (1)

Ithika (703697) | more than 9 years ago | (#12410274)

I hate to break it to you, but that would be reactive and not proactive.

One Day (3, Insightful)

ericschoon (814346) | more than 9 years ago | (#12410139)

The phishing community will learn to read and write in a professional manner. When that day comes, the world will end

no wait.... only those gullables will find themselves in trouble.

Phishing is only a problem when you aren't paying attention.

Live Bait (2, Insightful)

Doc Ruby (173196) | more than 9 years ago | (#12410144)

The great crime in this phishing system is at the Patent and Trademark Office. We fund the office, subsidizing corporate IP owners by defending their IP. But when the PTO could enforce trademark IP to protect the consumer, they do little or nothing. How come Citigroup isn't spending billions to protect its trademark, which is used to con thousands of people a day into phishing scams?

Re:Live Bait (1)

hsmith (818216) | more than 9 years ago | (#12410220)

probably because it costs less money to pay out chargebacks and do nothing to help repair stolen credit compared to paying a swarm of lawyers to track down phishers

Re:Live Bait (1)

rainman_bc (735332) | more than 9 years ago | (#12410836)

probably because it costs less money to pay out chargebacks and do nothing to help repair stolen credit compared to paying a swarm of lawyers to track down phishers

Bingo - I think you got it. The chargeback hits the merchant. The credit card company really pays nothing anyway AFAIK.

IMO, it's perfect. The purchase occurs, and the merchant pays the piper.

Imagine this economy for a second now:

1) Phishing scam begins
2) Customer CC#'s are stolen
3) Computer gear is purchased with stolen CC#
4) Phisher sells gear on black mkt
5) Phisher takes money from selling gear to buy cocaine
6) Cocaine dealer launders money
7) And on and on through money creation scheme...

Bring down Phishing, and you've collapsed a money making sector of your economy ;)

(Maybe I'm being unrealistic here)

Re:Live Bait (1, Informative)

Anonymous Coward | more than 9 years ago | (#12410230)

The PTO doesn't enforce anything. It only grants or revokes. Enforcements take place at courts and usually only after charge by the patent/trademark holder.

Re:Live Bait (1)

liquidpele (663430) | more than 9 years ago | (#12410257)

Are you serious?
So instead of the whole Fraud thing, we should nail them for trademark stuff?
I do agree that these companies should be doing more to protect their customers though.

Re:Live Bait (2, Interesting)

Anonymous Coward | more than 9 years ago | (#12410267)

Insightful? Interesting? Who modded this spew of disorganization up?

"But when the PTO could enforce trademark IP to protect the consumer, they do little or nothing."

This is because it's left to the trademark owners, not the PTO.

"How come Citigroup isn't spending billions to protect its trademark, which is used to con thousands of people a day into phishing scams?"

Should *you* be held liable if someone uses *your* identity to scam others? If someone nabs your SIN and starts causing mischief, should you have to come up with thousands of dollars to make things right again?

So what is your post advocating? Should the copyright holders be proactive, or the PTO?

Re:Live Bait (3, Insightful)

Rasta Prefect (250915) | more than 9 years ago | (#12410501)

The great crime in this phishing system is at the Patent and Trademark Office. We fund the office, subsidizing corporate IP owners by defending their IP. But when the PTO could enforce trademark IP to protect the consumer, they do little or nothing. How come Citigroup isn't spending billions to protect its trademark, which is used to con thousands of people a day into phishing scams?

First off, phishers are _hard to catch and prosecute_. They're often located in other countries and/or using compromised resources such as zombified home machines to serve their pages. They're committing fraud, they're not going to stop because Citigroup sends them a cease and desist. That's like saying the real crime of the war on drugs is that the IRS hasn't dragged in all of these drug kingpins for not paying taxes.

Secondly, who the hell is subsidizing anything? The Patent Office takes in more in user fees than it spends - It's a yearly budget battle for them to keep more of what they bring in, not to get more money from congress. They've been totally user fee supported for at least 12 years now.

Money Trees Patented. (0)

Anonymous Coward | more than 9 years ago | (#12410794)

"Secondly, who the hell is subsidizing anything? The Patent Office takes in more in user fees than it spends - It's a yearly budget battle for them to keep more of what they bring in, not to get more money from congress. They've been totally user fee supported for at least 12 years now."

Explains the explosion in patents, and copyright, doesn't it?

Re:Live Bait (1)

ZipR (584654) | more than 9 years ago | (#12410521)

Perhaps some big corporation should patent phishing and not use it, but instead go after those who infringe on their patent.

Re:Live Bait (0)

Anonymous Coward | more than 9 years ago | (#12410812)

For the record, they are. I work for the company that does some of it for them; they are very concerned about the problem for a number of reasons

I say fuck 'em. (-1, Flamebait)

Neil Blender (555885) | more than 9 years ago | (#12410146)

If you are so stupid as to be burned by a phisher, you deserve it. People need to wake up and learn that the internet is not a safe place and never will be.

Re:I say fuck 'em. (0)

Anonymous Coward | more than 9 years ago | (#12410489)

There are many ways to get burned.

A friend of mine was asking about this Korean Tech company that was looking for a European sales rep. Wanted to know if I knew the company.

Had a look at the site, and it looked extremely legit. No Phishing about it. However I didn't recognise the company and further checking realised it didn't exist (wasn't easy).

So some checking around, here is how the scam worked.

You would be employed as a sales rep that is required to move cash to the main company. You have to give them a whole load of details, and then they ask you to set up a bank account (with a certain bank). When sales are made you are supposed to send it via western union (minus the 10 percent cut).

However there were no sales, instead phished bank accounts would get emptied and transferred to the employees account. When the cops come looking the guy sending the cash gets nabbed and the thieves disappear.

To be honest I don't get caught out by the stupid phish attempts, but if it wasn't for the Western Union part of the job no alarm bells would have sounded in my head.

Gasp! (1, Redundant)

jleq (766550) | more than 9 years ago | (#12410158)

I'm going to get paid $2 million to transfer $14,000,000 worth of money from the All-Super Bank of Nigeria to an undisclosed location? Sounds too good to be true! Oh, wait...

Re:Gasp! (1)

DeionXxX (261398) | more than 9 years ago | (#12410272)

The nigerian scams aren't Phishing scams.... Phishing scams are the emails you get from your bank or paypal saying that you need to update your information. The link in the email is to a page that looks exactly like your bank's page, but the information you submit goes to the crooks. So they have your bank information or paypal information or whatever.

Re:Gasp! (1)

eric76 (679787) | more than 9 years ago | (#12410362)

I'm going to get paid $2 million to transfer $14,000,000 worth of money from the All-Super Bank of Nigeria to an undisclosed location? Sounds too good to be true! Oh, wait...
The nigerian scams aren't Phishing scams.... Phishing scams are the emails you get from your bank or paypal saying that you need to update your information.

Maybe he has a Nigerian Express credit card and phishing scams on Nigerian Express credit cards work that way.

In other words, he gets an e-mail saying that he needs to update the information on his Nigerian Express credit card and if he does it immediately, they will give him a credit of $14,000,000 of which he can keep $2,000,000.

Fishing scam? (-1, Offtopic)

notherenow (860367) | more than 9 years ago | (#12410159)

So, there's no midget fucking a cow? I deserve better!

firefox toolbar? (2, Interesting)

bdigit (132070) | more than 9 years ago | (#12410164)

Is there any toolbar available for firefox? This would be a great thing to install on my relatives computers or anyone's computer for that matter.

Re:firefox toolbar? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12410196)

It would better serve the community if you just killed them all, now.

Re:firefox toolbar? (0)

Anonymous Coward | more than 9 years ago | (#12410242)

The phishing sites, the computers or the relatives?

Re:firefox toolbar? (1)

XFilesFMDS1013 (830724) | more than 9 years ago | (#12410866)

Or all of them..... *cue ominous music*

Re:firefox toolbar? (3, Informative)

Rude Turnip (49495) | more than 9 years ago | (#12410287)

Firefox one-ups this already by doing 2 things:

1. Encrypted URLS turn the address bar to a gold color to remind you that you're on an encrypted site. And, more importantly,

2. In the lower right hand corner of the screen, Firefox tells you the name of the site to which the digital signature certificate is assigned.

Re:firefox toolbar? (3, Insightful)

elid (672471) | more than 9 years ago | (#12410459)

Yes, but that's probably too difficult for the average relative to understand.

Re:firefox toolbar? (1)

liquidpele (663430) | more than 9 years ago | (#12410533)

First of all, the gold color address bar idea is the same as IE with SP2, where it also happens.
Second, Phishing sites can be encrypted too, that's stupid to say just because it's encrypted it's safe. As for the site giving the certificate, if they trust a site called "http://128.61.33.532/citibank/login.html" then do you really think they will look for encryption information?

Re:firefox toolbar? (1)

SirTalon42 (751509) | more than 9 years ago | (#12410609)

Most browsers will show a warning when it sees the certificate is invalid/signed by someone you don't trust. Though if they don't understand the "THIS SITE'S CERTIFICATE CAN NOT BE TRUSTED" message, then I don't think there's anything that could help them short of not being allowed to use the computer.

Re:firefox toolbar? (1)

Schreckgestalt (692027) | more than 9 years ago | (#12410771)

Most browsers will show a warning when it sees the certificate is invalid/signed by someone you don't trust.

Wrong. Most browsers show a warning when they see that the certificate has not been bought by someone a certificate authority deemed trustworthy. If you generate your own certificate, that will most probably cause such a popup. But have you ever clicked 'OK' on a popup from Amazon, Ebay, Hotmail or any other SSL'd site? I guess not, because there was none.

Re:firefox toolbar? (1)

liquidpele (663430) | more than 9 years ago | (#12410850)

The message you refer to is a lot less alerting than that, and in fact looks almost like the other stupid stuff people just click through. So no, that doesn't help as much as you claim.

"Continuously encrypted list"? (1)

Animats (122034) | more than 9 years ago | (#12410187)

Yet the list of "phishing" sites is apparently encrypted. That helps out the crooks.

Is that list being provided to law enforcement?

Re:"Continuously encrypted list"? (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12410260)

You assume law enforcement is actively interested in going after phishing sites.

Re:"Continuously encrypted list"? (0)

Anonymous Coward | more than 9 years ago | (#12410283)

You are assuming that law enforcement is interested in pursuing phishing sites.

I don't see why (0)

Anonymous Coward | more than 9 years ago | (#12410420)

There's no point in this "encryption" since the toolbar client obviously knows how to "decrypt" it without a passphrase or anything. Probably just some lame encoding scheme like the script kiddies use to obscure their hidden password files.

why isn't the list free? (0)

Anonymous Coward | more than 9 years ago | (#12410203)

Why should people have to pay for this list, when it is submitted for free by netizens? Or is the "gift" supposed to be your payment?

Neat idea. (4, Interesting)

going_the_2Rpi_way (818355) | more than 9 years ago | (#12410204)

The only problem that I see is that those people with the Netcraft toolbar are probably already in the low-risk category for this type of scam (although I guess the fact that they install toolbars at all makes it a slightly more at risk group) since they're reasonably aware of the problem. Still, Netcraft continues to impress me with excellent tools and insight on web traffic and security trends. A daily must-read for webmasters, far more so than Alexa.

Darn Toolbar (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12410209)

Hey! The toolbar blocked my PayPal look-a-like fan site! What gives?

New sites: ouch! (4, Insightful)

jfengel (409917) | more than 9 years ago | (#12410221)

One of the factors that goes into the risk rating is the age of the site. That's a good insight: phishers tend to create new sites often, as the old ones get closed down or are simply dropped.

But man, wouldn't it suck to open a new site only to have Netcraft scare off all your customers?

I wonder what "new" means. How long do phishing sites stay around? And how badly would this kill the buzz of the initial marketing effort?

Time isn't the only tool they have in the toolbar, so hopefully novelty as the only warning sign won't ring any alarm bells.

Eventually, phishers will work around this by creating sites and only activating the phishing attack after the requisite time period has elapsed. But that's work, which weeds out the laziest phishers. Watching the escalation of tactics is going to be fascinating.
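The warning signs raised across this thread (site age, lookalike names such as slashdt.org and slashd0t.org, and a numeric host with a bank name in the path), combined into one small URL scorer. This is an added example, not Netcraft's algorithm and not code from any commenter; the weights, the warning threshold, the 30-day window and the list of known domains are assumptions.

```python
import re
from datetime import date
from urllib.parse import urlsplit

# Constructed allow-list (assumption): domains the user really deals with.
KNOWN_DOMAINS = ("slashdot.org", "paypal.com", "ebay.com", "citibank.com")
NEW_SITE_DAYS = 30   # assumption: the thread never settles what "new" means
WARN_THRESHOLD = 5   # assumption: score at which a toolbar would warn

# Digit-for-letter swaps, such as the "0" in slashd0t.org.
DIGIT_SWAPS = str.maketrans("01345", "oleas")
DOTTED_QUAD = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Last two labels only; real code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def score_url(url: str, first_seen: date, today: date):
    """Return (score, reasons); a higher score means more phish-like."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    score, reasons = 0, []

    if DOTTED_QUAD.match(host):
        domain = None
        score += 3
        reasons.append("numeric host instead of a name")
    else:
        domain = registered_domain(host)
        if domain in KNOWN_DOMAINS:
            return 0, ["known domain"]
        # One edit away from a known name, after undoing digit swaps.
        normalised = domain.translate(DIGIT_SWAPS)
        for known in KNOWN_DOMAINS:
            if edit_distance(normalised, known) <= 1:
                score += 5
                reasons.append(f"looks like {known}")
                break

    # A known brand used as a subdomain label or path segment elsewhere.
    tokens = re.split(r"[^a-z0-9]+", (host + parts.path).lower())
    for known in KNOWN_DOMAINS:
        brand = known.split(".")[0]
        if brand in tokens:
            score += 3
            reasons.append(f"'{brand}' appears outside its own domain")
            break

    # Age alone stays under the threshold, so a new honest site is not flagged.
    if (today - first_seen).days < NEW_SITE_DAYS:
        score += 2
        reasons.append(f"first seen under {NEW_SITE_DAYS} days ago")
    return score, reasons


if __name__ == "__main__":
    today = date(2005, 5, 2)  # constructed dates for the sample run
    samples = [
        ("http://slashdt.org/login", date(2005, 5, 1)),
        ("http://slashd0t.org/", date(2004, 1, 1)),
        ("http://128.61.33.532/citibank/login.html", date(2004, 1, 1)),
        ("http://www.newshop.example/", date(2005, 4, 30)),
        ("https://slashdot.org/login", date(1997, 10, 5)),
    ]
    for url, seen in samples:
        score, reasons = score_url(url, seen, today)
        flag = "WARN" if score >= WARN_THRESHOLD else "ok"
        print(f"{flag:4} {score:2} {url}  {'; '.join(reasons)}")
```

A site registered in advance and left idle, as the comment above anticipates, loses only the age points here; the name and host checks still apply.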

Re:New sites: ouch! (1)

EvilTwinSkippy (112490) | more than 9 years ago | (#12410331)

Watching the escalation of tactics is going to be fascinating.

After all, technical solutions have worked SOOOO well against Spam, and email worms.

/dripping sarcasm

Re:New sites: ouch! (1)

liquidpele (663430) | more than 9 years ago | (#12410407)

Yup! Gmail works fantastic in regards to those.
Using Thunderbird or Outlook are you?
Both of those have worked badly for me with spam blocking and virus detection...

Re:New sites: ouch! (1)

jacksonj04 (800021) | more than 9 years ago | (#12410540)

SpamBayes plugin for Outlook works quite nicely - http://spambayes.sf.net/ [sf.net]

Re:New sites: ouch! (1)

liquidpele (663430) | more than 9 years ago | (#12410608)

how many slip through, and how many false positives do you usually get a month?
asking just out of curiosity... I haven't used outlook in a long while.

Re:New sites: ouch! (1)

imroy (755) | more than 9 years ago | (#12410843)

After all, technical solutions have worked SOOOO well against Spam, and email worms.
/dripping sarcasm

Some do, some don't. I find that most of my spam is now caught by various RBL's like Razor/Pyzor, and DCC. Plus a few of the new tests added in SpamAssassin [apache.org] 3.0. Bayesian scoring seems to do very little now, the spammers have found ways to obscure words so that they don't attract attention. But SA (even before 3.0) has tests for those tricks as well. Plus Clam AV [clamav.net] appears to be adding new signatures for common phishing attacks. I sometimes see phishing emails flagged as viruses (by Clam AV) instead of spam (by SpamAssassin) because of this. I use Amavis new [www.ijs.si] to tie SpamAssassin and Clam AV together into a filter system at the MTA (postfix) level.

How to catch them... (1)

John Seminal (698722) | more than 9 years ago | (#12410428)

One of the factors that goes into the risk rating is the age of the site. That's a good insight: phishers tend to create new sites often, as the old ones get closed down or are simply dropped.

Force the people who register URL's to have proof of who is buying the domain. Force them to have a credit card to buy, and force them to give a phone number and address that must be verified prior to making the URL go live. Banks do this, they check your social security number, they check your home address. Why can't we do that with URL's?

Then when a central government agency see's domain after domain from the same person going down, they can track him. If the person uses others to buy the domain, once the government tracks them all down and threatens them with jail time, chances are one of them will give away the guy.

Re:New sites: ouch! (1)

alexhohio (871747) | more than 9 years ago | (#12410673)

I thought the rule was pretty much: If you know what phishing is, you aren't going to fall for it... (I read that in a Reader's Digest article, no joke, but I have heard it said many times long before I read the RD article.) I actually did get a letter from PayPal that I thought was phishing- I forwarded it to ebay and they said it was a legit letter. That's beside the point, because I cancelled my PayPal account because of their fee increases, but I digress... I am more worried about a browser hijack leading to pharming...

netcraft charge to access the list (0)

Anonymous Coward | more than 9 years ago | (#12410277)


who said you can't make money from phishing !

Phishers Getting Good (1)

EvilTwinSkippy (112490) | more than 9 years ago | (#12410299)

Not only are these fishing sites sneaking past my spam filter, one came worded as an alert that someone was misusing my Ebay account. Of course, I knew it was a fake before I even checked where the URL was going, but man, someone spent a lot of time thinking it up.

I'm not admiring them. I'm not trying to understand them. I just look at it like "what an utter waste of a mind."

Re:Phishers Getting Good (2, Informative)

Spy der Mann (805235) | more than 9 years ago | (#12410426)

but man, someone spent a lot of time thinking it up.

Hint: Enable "full headers" on your e-mail. That way you won't spend a second before hitting the delete button.

Re:Phishers Getting Good (1)

EvilTwinSkippy (112490) | more than 9 years ago | (#12410705)

Dude, I do this for a living. Unless you are intimately familiar with the IP addresses of every host you receive email from, you are wasting more time peering through the headers than employing common sense.

And I don't just delete the message. Phishing Scams like these I actually forward on to Pay Pal and Ebay's fraud units. It takes a few extra minutes, but it helps me sleep better at night.

Lazy Getting Good (0)

Anonymous Coward | more than 9 years ago | (#12410510)

"I'm not admiring them. I'm not trying to understand them. I just look at it like "what an utter waste of a mind.""

I get the same feeling everytime I read a copyright thread.

Other ways to filter phishers out... (2, Insightful)

yotto (590067) | more than 9 years ago | (#12410343)

it used to be easy to toss out the trawlers based on their spelling alone.

I've always detected the trawlers by the fact that they're asking me to give them information via email.

Re:Other ways to filter phishers out... (1)

MandoSKippy (708601) | more than 9 years ago | (#12410730)

Actually, I once received a request from Cisco to give them my CC for a RMA we were doing. (it was a legit request.. they needed me to pay for something.. it was illegit method of delivering the info.) I cried foul and went up the ladder several levels eventually getting to someone high up. I stated that in the world of phishing attacks and such, that to have a "reputable" networking company ask for a CC number via email was awful. I got a free PIX 506e with free shipping out of the deal. They were stupid and they knew it.

Slashdot Announcement (5, Funny)

x.Draino.x (693782) | more than 9 years ago | (#12410377)

Dear Slashdot Reader,

We regret to inform you that our subscription database was lost in a major crash. In order to continue your advertising-free dupe ridden news service, we require you to verify your account details. Please have your credit card handy and head on over to Slashdot Subscription Verification [slashd0t.org] to verify your account. Once again, we apologize for the mis-hap.

Sincerely, teh Taco.

Re:Slashdot Announcement (1)

kmortelite (870152) | more than 9 years ago | (#12410583)

If I had mod points, you'd get 'em all. :-)

Re:Slashdot Announcement (2, Funny)

mattjb0010 (724744) | more than 9 years ago | (#12410773)

Please have your credit card handy and head on over to Slashdot Subscription Verification to verify your account

The site you linked doesn't work. For the record, my credit card details are:
Name: Mr John Citizen
Visa Card number: 4940 5233 1123 0876
Expiry: 06/07
3 digit verification number: 666
Billing address:
202B King William Road
Hyde Park, SA 5061
Australia

BSB (branch routing) number: 065-332
Account number: 00222334
Pin number: 3356 ( MY MOTHER'S DATE OF BIRTH )

What we need are a new set of laws... (2, Interesting)

John Seminal (698722) | more than 9 years ago | (#12410398)

It seems the real crooks like the dark shadows, they don't like being seen. The old adage of don't walk alone at night, walk in lighted places, etc... how do they translate for the world of the internet. With the web, there is more anonymity. It is just what the crook wants, a place where they can do their crimes and not be seen. Plus, it is easier to give the perception that you're in a nice well lit area, it's safe here. You can't fake that kind of perception in a ghetto.

The obvious response will be more laws. Laws that will take away the freedom of the non-criminal. The RIAA is forcing ISP's to hand over IPA's. Commercial websites track customers. How long until the web requires authentication just to do anything?

I hope the government really hurts the first people it catches. But until the laws change, I doubt it will be that bad. If you could rip off 1,000 people for $1,000,000, would you? What if it meant 5 years in prison, and you could hide the money so it was there when you were released?

Re:What we need are a new set of laws... (1)

qwijibo (101731) | more than 9 years ago | (#12410678)

The internet is a bad neighborhood. Just assume that and you'll be fine.

Authentication is all nice in theory, but the disconnects between you in real life and online make it impractical. Look at all of the zombie PC's on the net - someone could successfully authenticate as any of those people.

The attraction of ID theft and related fraud is that it's so difficult to catch people and the courts haven't been able to figure out how to handle it yet. As you've noted, the cost/benefit analysis comes out in favor of the criminal currently. The system isn't set up to deal with people who are clearly sociopathic. Each individual crime is small, and the system treats it that way. There are class action lawsuits to go after companies who behave this way. There is no recourse against an individual with no significant assets.

What we need are a new set of villains. (0)

Anonymous Coward | more than 9 years ago | (#12410728)

"There are class action lawsuits to go after companies who behave this way. There is no recourse against an individual with no significant assets."

Doesn't stop the RIAA/MPAA from trying though.

Assuming you don't get an email from the bank (1)

crovira (10242) | more than 9 years ago | (#12410768)

warning you that they're having problems and would you please confirm your SSN and bank account number.

Bwahahaha.

How the Netcraft toolbar works. (5, Interesting)

Anonymous Coward | more than 9 years ago | (#12410451)

I actually looked into making a Firefox extension that worked with the Netcraft phishing list that you get from using their toolbar. I'm still just learning to code Firefox plugins, so I thought it would be a fun exercise. I put it aside for now since there is a big "DO NOT REVERSE ENGINEER OUR SOFTWARE" type notice in the install license, and I still have a long ways to go in learning to program Firefox extensions. I figured out how it works by reading the log file; is that reverse engineering these days?

Anyway, how the blocker works is pretty nifty: the toolbar creates an MD5 hash of each URL you visit, then compares it to a file that the toolbar auto-updates with the MD5 hashes of the bad URLs. To figure out where info is coming from, take a look at "blocked.log" in the Toolbar directory; you'll see the lines that update "blocklist.dat". The only problem I saw is that www.badsite.com/bleh.html might be in there, but www.badsite.com itself might not be, even if both are really the same page.

I still think the best anti-phishing software would be a program that just notices when you are doing something really boneheaded. It would do things like shout "Hey, that's your ebay username and password and this isn't ebay! Are you sure you want to do this?" and "This page isn't posting to an encrypted page and that is a credit card number! Are you sure about this?". Just my little idea, I'm sure there are plenty of problems with it.
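The exact-match gap described in the comment above, shown as an added example that is not part of the original post and is not Netcraft's code: a hashed-URL blocklist lookup that canonicalises the visited URL and also checks parent-directory and site-root keys. The two-set list format, the canonicalisation rules, every function name and the `shared.example` host are assumptions made for illustration.

```python
import hashlib
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def split_canonical(url):
    """Return (site, path, query) with case, default port and fragment normalised."""
    if "://" not in url:
        url = "http://" + url                    # URL as typed, e.g. www.badsite.com
    p = urlsplit(url)
    host = (p.hostname or "").rstrip(".")        # urlsplit lower-cases the hostname
    site = host if p.port in (None, DEFAULT_PORTS.get(p.scheme)) else f"{host}:{p.port}"
    return site, p.path or "/", p.query

def lookup_keys(url):
    """Exact page key first, then every parent directory down to the site root."""
    site, path, query = split_canonical(url)
    keys = [site + path + ("?" + query if query else "")]
    dirs = path.split("/")[1:-1]                 # directory components only
    for depth in range(len(dirs), -1, -1):
        prefix = site + "/" + "".join(d + "/" for d in dirs[:depth])
        if prefix not in keys:
            keys.append(prefix)
    return keys

def md5_hex(text):
    # MD5 because that is what the comment describes; here it is only a lookup key.
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def build_blocklist(pages=(), prefixes=()):
    """Assumed list format: hashed exact pages plus hashed site/directory prefixes."""
    return {"exact": {md5_hex(lookup_keys(u)[0]) for u in pages},
            "prefix": {md5_hex(lookup_keys(u)[0]) for u in prefixes}}

def is_blocked(url, blocklist):
    """Return 'exact', 'prefix' or None for a visited URL."""
    keys = lookup_keys(url)
    if md5_hex(keys[0]) in blocklist["exact"]:
        return "exact"
    if any(md5_hex(k) in blocklist["prefix"] for k in keys):
        return "prefix"
    return None

# Constructed sample data (hosts are placeholders, not real indicators).
EXACT_ONLY = build_blocklist(pages=["http://www.badsite.com/bleh.html"])
WITH_PREFIXES = build_blocklist(prefixes=["www.badsite.com/", "shared.example/~homepage/"])
```

With only the page hash listed, a visit to the bare host is missed; a site-root prefix entry catches it, and a directory-level prefix keeps one bad account on a shared host from blocking its neighbours.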

They did the easy part... (1)

mathmatt (851301) | more than 9 years ago | (#12410506)

Netcraft has tracked and blocked 5,600 known phishing sites

Yes, but how many unknown phishing sites have they tracked and blocked?

Known unknown or unknown unknown? (0)

Anonymous Coward | more than 9 years ago | (#12410667)

Known unknown or unknown unknown?

The biggest problem... (3, Interesting)

krbvroc1 (725200) | more than 9 years ago | (#12410520)

The biggest problem is the inability to email a person who cares at a lot of these places. In the past two weeks I've tried to find contacts for domains that were hosting ebay phishing pages. Emails to 'support', 'webmaster', internic domain contacts all go unanswered and the sites remain. I reported this one a week ago, it's still up: http://210.0.213.115/~homepage/Secure/eBay/cgi-bin /index.php [210.0.213.115]

Re:The biggest problem... (2, Insightful)

hendersj (720767) | more than 9 years ago | (#12410580)

Amen to that - I had the same experience with eBay - I am NOT signing up to tell them that someone is trying to scam their customers. Make it easy for me to report, or I'll just bin it.

After all, if they don't care enough to make it easy to report phishers abusing their name, why should I make the effort to find out how to report it to them?

Re:The biggest problem... (1)

I kan Spl (614759) | more than 9 years ago | (#12410666)

That one is hosted from a Lutheran school somewhere that speaks Chinese. Here is their contact information, but I don't speak the language so I'm not sure that they would be able to read it if I were to send one.

mailto:lck@lck.mysch.net [mailto]

Go Syria! (1)

DoorFrame (22108) | more than 9 years ago | (#12410529)

With a staggering 1 out of 14 websites in Syria categorized as a phishing site, I'd like to congratulate Syria for doing a staggeringly good job...

Eh, I can't even think of a joke. One out of every 14 sites? Jeez.

Perhaps it's time for a little liberation?

still easy to recognize... (1)

HTL2001 (836298) | more than 9 years ago | (#12410546)

"it used to be easy to toss out the trawlers based on their spelling alone."

While true, they all still contain some form of 'verification' and urgency to the request. I see 'verify' or 'confirm' and I didn't recently sign up for a forum or ask for a password reset, I get rid of it.

Phishing Sites (4, Funny)

SpaceAdmiral (869318) | more than 9 years ago | (#12410558)

I've visited Phishing sites before, but I just don't get it. You'd have to be stoned or something to appreciate their music.

Catching them (1)

McGiraf (196030) | more than 9 years ago | (#12410565)

Why are they so hard to catch?

My wife doesn't need it on her Win2K box. (1, Funny)

crovira (10242) | more than 9 years ago | (#12410638)

She's friggin paranoid and doesn't give out ANY info unless you're standing right there in front of her and you'd better not be planning to go anywhere cause she'll take her info back before you do.

She uses FireFox and ThunderBird, (fuck IE and Outlook,) despite knowing barely enough to switch on the machine.

My wife... I think I'll keep her. :-)

As for me... She's taught me well.

CNet's site has been mined for addresses so I got that crap from them (maybe CNet is in worse financial shape than they're letting on,) but it's done the phishers no good.

If I don't already know you, you're going to end up in my Mac's 'Junk Mail' folder.

hard? (1)

Tom (822) | more than 9 years ago | (#12410796)

it used to be easy to toss out the trawlers based on their spelling alone.

And it still is. I don't have an account with the First Whatever Bank, so it must be spam. I know that neither PayPal nor eBay will send me mail asking for my password. I know that my bank doesn't even know my e-mail address.

What is wrong with you people?

Okay, so netcraft (0)

Anonymous Coward | more than 9 years ago | (#12410826)

is not making the list publicly available ? *shrug* I couldn't find it in any of those links.. lotta good this will do the community.