Slashdot Mirror
Anti-Phishing Tools
mikeage writes "PCWorld has an article about an anti-phishing tool available that tries to detect fake websites." This is about Web Caller-ID already in use by eBay's custom user toolbar. The article also talks a bit about the incredible increase in phishing scams.
Does That Web Site Look Phishy?
WholeSecurity's new software claims to identify fraudulent sites.
Paul Roberts, IDG News Service
Monday, August 16, 2004
A new software tool from WholeSecurity can spot fraudulent Web sites used in online cons known as "phishing" scams, according to a statement from the company.
Advertisement
The new product, called Web Caller-ID, can detect Web pages dressed up to look like legitimate e-commerce sites. WholeSecurity is marketing the technology to banks, credit card companies, and online retailers as a way to prevent unwitting customers from accessing false sites, to reduce fraud, and increase confidence in online commerce, the company says.
Phishing scams are online crimes that use unsolicited commercial, or "spam," e-mail to direct Internet users to Web sites controlled by thieves, but are designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, Social Security number, bank account, or credit card number, often under the guise of updating account information.
Already in Use
A version of Web Caller-ID is already being used by EBay in a feature called Account Guard, part of an EBay Web browser toolbar that users of the online auction site can download for free. The feature detects suspicious behavior, such as Web URLs that disguise the true Internet address of the site the user is visiting.
Companies can license a Web browser plug-in from WholeSecurity, which can then be distributed to customers directly or as part of a Web browser toolbar. Alternatively, companies can sign up for an e-mail processing service from WholeSecurity that harvests information on phishing scams from spam e-mail or customer complaint e-mail sent to the company, WholeSecurity says.
A Web browser-based management console lets administrators view suspected phisher sites, file complaints against spoof Web sites, or fine-tune the Web Caller-ID technology to adapt to their company's Web site.
On the Rise
Reports of phishing attacks have skyrocketed in recent months, according to the Anti-Phishing Working Group (APWG), a joint industry-law enforcement group.
There were 1422 new, unique attacks reported to the APWG in June, a 19 percent increase over the previous month. Since the beginning of 2004, reports of the attacks have grown by 52 percent a month on average, the group says.
A survey of 5000 adult Internet users by research firm Gartner released in April found that the number of phishing attacks spiked in the last year and that around 3 percent of those surveyed reported giving up personal financial or personal information after being drawn into a phishing scam. The results suggest that as many as 30 million adults have experienced a phishing attack and that 1.78 million adults could have fallen victim to the scams, Gartner says.
Taking the First Step
Web Caller-ID is not a cure-all for the phishing problem, but is a good first step to provide comprehensive protection from the scams, says Howard Schmidt, former White House cybersecurity advisor and the current chief information security officer at EBay.
"These are some of the things we need to do moving forward--getting technology built into the Web browsers themselves to do these things," he says.
However, better user education and stronger security from online retailers, banks, and financial institutions is also needed to protect technically unsophisticated consumers from complex online cons like phishing attacks, Schmidt says.
"You can't put somebody in a car and tell them to drive, but not tell them what the brake and gas pedal are for," he says.
Spoofstick is a plugin for FireFox or Internet Explorer that can help identify 'phishy' sites while surfing.
It does take a little more real estate out of the browser's window, but it's a pretty useful tool when teaching people about the dangers of clicking links blindly.
"For every right, an equal responsibility..."
Here is more information, the SANS Internet Storm Center has seen much activity (and growing) of this shit.
--------
Phish Net
Some folks here may find it usefull.
This nifty quiz can help you assess your phishing detection abilities. Recommended.
"There are already a million monkeys on a million typewriters, and Usenet is NOTHING like Shakespeare." - Blair Houghton
Actually, as someone who's working at a web host, I can tell you Citibank does take this sort of thing seriously, and they are interested to know where the sites are being hosted.
Who knows what they do with that information. Maybe nothing. Still, it's worth reporting, if only to show that the community is against these frauds.
The first step is obviously to check the headers of an email you receive. Just see who sent you the damn thing (from Received headers). Was it actually an IP belonging to .paypal.com? This is easy to check using 'whois'. If the whois lookup shows the IP delivering you the email is from the company you expect (VISA, Paypal, Ebay) then it's fine.
OK, how about an example. Take this US Bank phishing scam, here are the Received headers:
The first Received hop is my ISP. The second Received hop is the only important one; it describes the connecting host. Note that the host here pretended to be usbank.com but that name is a sender-supplied ID; it's worthless. What you're looking for is the IP address between square brackets, which can not be forged. Now just check 211.209.208.87 using whois
See, easy. This email came from Korea, not US Bank. It's a scam!