Domain: antiphishing.org
Stories and comments across the archive that link to antiphishing.org.
Comments · 19
-
Getting their attention
It's hard getting the attention of some vendors. I see vulnerabilities in a slightly different context - hacked web sites hosting phishing pages. We distribute a list of major domains being exploited by active phishing scams. This is obtained by processing PhishTank data, and we do this because we want to reduce the collateral damage from a tough blacklist system. At any given time, there are about 30 to 80 domains on the list.
Some sites get themselves off the list quickly. By now, most of the better free hosting services and short-URL services are automatically checking PhishTank and the APWG blacklist to see when they've been hit. Today, if you run a service where anybody can put up a page that could be used for phishing (i.e. it's not full of your own headers and banners), you need automation to deal with attacks. I've been in contact with the abuse guy at "t35.com", which is a free hosting service. They've recently been hit by a flood of phishing attacks, with several hundred new reports in PhishTank per day. The attacks were coming in faster than the abuse guy could clean them out. They're now gaining on the problem, but haven't squashed it yet. Take-away lesson: automate this.
The ones near the top of the list have been there for a while. Note the dates, which are the date that the oldest phishing report still online and active appeared in PhishTank. Some just need help. Typically, these are small organizations like churches and nonprofits that have had a break-in and were partially taken over by a phishing site. I send them the Anti-Phishing Working Group's "What To Do if your Site Has Been Hacked". Sometimes I give them a phone call. They deserve sympathy.
Then there are the hard cases. These are sites with no visible contact address, or a clueless abuse department. At the moment, Google Sites and Google Spreadsheets are being used for phishing. Google is new to the free hosting business, and the phishers have discovered some tricks that Google can't yet handle. While Google puts a "report abuse" link on their site pages, it's possible to set up a file for downloading on Google Sites, and an HTML page can be served that way, without Google's abuse checking. There's also an exploit of Google Spreadsheets. That one is an example of Habbo Hotel phishing. We've reported these to Google several times, but they haven't been fixed yet.
We've been seeing a new type of attack recently - a phishing operation breaks into a shared hosting server and plants phishing pages on multiple domains on a single server. One of these hit one of the mysterious "*.websitewelcome.com" servers, which has "cloaked domain registration" and no useful default web page. These seem to be associated with "ThePlanet.com", but whether ThePlanet operates them, is providing wholesale hosting, is providing colocation, or is just the upstream connectivity provider is not clear.
Hiding the contact information of a hosting provider is legally unwise. The hosting provider may lose the "safe harbor" protection of the DMCA. The "safe harbor" provision for "Information Residing on Systems or Networks At Direction of Users" only applies if "the service provider has designated an agent to receive notifications of claimed infringement... by making available through its service, including on its website in a location accessible to the public, and by providing to the Copyright Office, substantially the following information: the name, address, phone number, and electronic mail address of the agent." So when the RIAA or the MPAA come calling, a likely event for a hosting service, they get
-
Re:Weird one word spam lately...
"The latest trick in the spam arsenal seems to be a crack at social engineering with emails that purport to be from Ebay, Bank of America or whatnot. If you click on the link, and the URL isn't even close to the purported source of the email, it takes you to the spammers web site where the actual marketing is done."
Ever heard of "phishing"? http://www.antiphishing.org/
-
Educate, educate, and try to solve the issue
On several fronts...
I think it is interesting to see that researchers are trying to find ways to get Joe/Jane user to recognize that WYSINWYG with every website they visit. So maybe there are a few flaws in these folks' ideas... but they're trying to get education out (at least, on some level).
Educate yourself about the changing face of phishing. Help other folks by helping them understand phishing. Don't hesitate to try to find a way to reduce phishing.
Report phishing... if you can report it to the people whose site is mimicked, then do so. At least, you can report the phishing attempt to The Anti-Phishing Working Group.
By the way, sometimes I'm a little slow (what's new?)... for those of you like me who didn't know what "PEBKAC" meant, here's the Wikipedia definition.
-
Educate yourself, OTHERS, and report...
It's important to educate oneself about basic security. Don't click a link in any email that refers to PayPal. As a matter of fact, there are few reasons to click links in any emails.
Just as important, seriously, educate others. Don't mumble "Darwin" or "figure it out yourself" when you can help someone else protect themselves or educate themselves about security threats.
Always report PayPal phish attempts to spam@paypal.com.
There's an excellent set of resources about phishing in general - and you can report phishing attempts at: antiphishing.org.
Not to be repetitive, but the best way to make a difference (in this case) is to help others and help yourself with education.
-
Story is true but phishing is on rise
I was checking Spamcop's (my mail provider) parent company Ironport www pages yesterday.
Spam is dying as you can see at http://www.ironport.com/toc/toc_spam.html
I think phishing by zombies is on the rise.
http://www.antiphishing.org/ report available in pdf http://antiphishing.org/reports/apwg_report_Nov2005_FINAL.pdf
BTW if you report spam, reportphishing@antiphishing.org is a good CC: target.
-
Re:Hey! The sky is falling! The sky is falling!
"Yet the IT world strolls along day to day, without much really actively happening to prevent serious down-the-road problems."
You say this as though there is some dereliction of duty among the IT folks. There are people (http://www.antiphishing.org/, http://www.openantivirus.org/) working on these things. In their spare time too--right? It's quite apparent that your gripe is with M$ and the general population that has bought into the monopoly, but there's only so much you can do with 6 billion Elvis fans, and the greedy bastards that want to exploit them. I'm sure that most geeks would like to blow them off the planet, but like you, there's no "real" solution among them. I don't think that they (the IT world) should take the hit for an insurmountable task.
You've equated the catastrophes imminent to the internet with global warming. I can see the correlation, however the internet is fairly new compared to the first time we put CO into the atmosphere. Man's presence on Earth is undergoing a huge learning curve, as are man's dealings with the internet. It wasn't long ago that huge corporations were destroying the planet in the name of profit, and the good of human life, but eventually the people that saw the wrong of it came out of the woodwork, and protested. It's still not right, but it's headed in the right direction--I hope. Now, the ones that see the wrong of the "inter-connected" world, and all of the bad that it can inflict are starting to come out of the woodwork. Exponentially so, as is the pace of technology.
The doctor's kids are always sick, the mechanic's car is always broke. Does this mean we are doomed to be ill (bird-flu notwithstanding :-)), or that our cars won't work? No, we are just living the human life, and sometimes--cough...9/11--it takes a catastrophe to put things to work....BTW I'm not an IT guy, I'm just an aerospace weenie that is just as scared of the status-quo as you are. Yet I do have a little faith in the fact that, while most people need a little nudging, a lot of people are paying attention (like me--I carry my own disk with FireFox, AdAware, and OpenOffice--and spread it to anyone that listens).
-
Re:PayPal isn't a bank, so it's not perfectly safe
I wonder if this is related to the PayPal emails I've been receiving recently regarding suspicious activity on my account.
Hook, line, sinker and a lifetime subscription to Field and Stream. I was wondering what kind of gullible soul fell for those badly created phishing scams. Apparently, it's reformed ex-cons. Tell you what, roll back some of that reformation and take another look at those e-mails.
-
This may continue
This can only continue to rise. I'd imagine this is a good way to make money that won't be stopping soon. Consumer ignorance is high, and this is just another way of exploiting it. Make sure to educate your friends and families and check out the Anti-Phishing Working Group.
-
Re:How to annoy phishers
Just below this comment a poster has given a link to a phishing central source :)
Looks like it's already in action :)
http://www.antiphishing.org/
-
check out antiphishing.org
Check out antiphishing.org
-
Anti-Phishing Working Group
You can read more about efforts to combat phishing here. Lots of purty charts and plenty of specific examples.
-
Need IE? Can't switch? Disable Java(script)ActiveX
Open an IE browser window and do the following:
Tools/internet options/security options/custom level(for all internet zones).
Disable anything mentioning Java(script) and ActiveX. Do the same thing on the advanced tab.
Click 'OK'/'Apply' as needed on the dialogs.
For safety, restart your computer for all the changes to take effect properly.
Voilà! IE is secure against Java(script)/ActiveX security breaches. Alas, you may still be vulnerable to this web browser exploit so be careful with your sensitive information!
NEVER EVER GIVE OUT SENSITIVE INFORMATION VIA EMAIL! USE A SECURED HTTPS CONNECTION ON A BRAND-NEW WEB BROWSER WINDOW TO DO THIS! BE SURE TO TYPE THE 'TIP-TOP' WEBSITE ADDRESS (E.G. HTTP://WWW.EXAMPLE.COM/) IN THE ADDRESS BAR AND NAVIGATE THE SITE AS NEEDED!
Sorry for yelling, but being 'phished' out of sensitive information could happen to anyone!
Bryan Taylor
iamcf13@hotpop.com
SpamByte code: 7
(see http://www.cf13.com/game-over-spammers.htm )
http://www.cf13.com/press-release.htm
All email containing unwanted content will be summarily deleted or reported as spam.
-
AntiPhishing.org
Here is more information, the SANS Internet Storm Center has seen much activity (and growing) of this shit.
-
Re:bashing paypal
The only way to know that it's fake is to look in the URL bar
Even that's not enough against some possible threats and against some that are already in the wild.
Several browser vulnerabilities make URL spoofing devastating. You can put the wrong address in the address bar of most IE versions by combining a user@malicioushost format with an embedded %01%00 in the URL. You can theoretically write scripts for other browsers that cover the URL bar with an arbitrary graphic.
Let me plug a couple of sites. Antiphishing.org has hot news and tips about these scams. My own security advice for Aunt Tillie blog suggests treating email like a phone call. Don't give out your password/credit card number/launch codes unless you're the one who placed the call/started the transaction. Just the standard consumer advice about phone scams, in other words. Slashdotters, of course, should read the HTML source to find out how the latest technical tricks work :-)
-
Re:Update Your Credit / Debit Card on Your IBM Fil
Thank you, unknown moderators, for verifying my point: Semantic attacks like e.g. phishing are easily carried out; it only takes a moderate understanding of the victim's expectations. Fit your attack to something they know and believe they understand, and they will react as desired, clicking first and thinking never.
-
Update Your Credit / Debit Card on Your IBM File
Dear IBM Lotus Workplace Member,
During our regular verification of accounts we couldn't verify your current information. Either your information has changed or it is incomplete. If the accoutn is not updated to current information within 5 days, your access to word processing and spreadsheet on IBM Lotus Workplace will be restricted.
Go to the link below to update your information:
http://signin.workplace.ibm.com/foo-cgi/bar?id=12345
Please do not reply to this email as you will not receive a response.
Thank you for using IBM Lotus Workplace!
-
Re:This doesn't surprise me at all...
Even back in the days I did call support for an ISP, sometimes I'd just ask their login name and they'd just blurt out, "My login is sueray22 and my password is newyork!"
I'm occasionally doing some call support for our clients and did have similar answers. Even worse: sometimes I'd just ask their login name and they'd spontaneously give me their password ... without their login. Then, I'd have to repeat: "no, no! just your login name, please!"
My guess is that passwords are just a silly constraint for most common users who aren't implicated into computer stuff.
I was however astonished to read the following statement:
Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.