Anti-Phishing Tools

mikeage writes "PCWorld has an article about an anti-phishing tool available that tries to detect fake websites." This is about Web Caller-ID already in use by eBay's custom user toolbar. The article also talks a bit about the incredible increase in phishing scams.

Huh

[Lord+Grey]

Unless I missed something, neither the article nor the summary provides a link to the product. Here is what I found: Web Caller-ID. That link contains this paragraph:

Web Caller-ID's detection engine includes hundreds of routines that examine the elements of a web site, ranging from the site's content and links to its page history, and then determine if they are indicative of a spoof. For example, the URL of a particular site might be analyzed for phishing characteristics, such as the inclusion of an IP address at the beginning of the URL, or the source code might be analyzed for calls to a different web site. In production environments, Web Caller-ID consistently detects more than 98% of previously unknown spoof sites using behavioral technology.

This product sounds interesting at first blush, but don't most phishing scams begin with an email? Web sites that support phishing aren't going to have as many of these charactistics as the email that lured the victims there to begin with. I have to wonder just how well this really works, despite the, "consistently detects more than 98% of previously unknown spoof sites" quote.

My rule is usually fairly simple

[tekiegreg]

Just don't click on any links via email to anything unless you solicited it (such as an email verification to a mailing list you're subscribing to). When I'm in doubt, all I do is type in the URL to the bank/brokerage/etc. web site myself (fire up browser and type in homepage URL), log in and find out if there is anything going on. Most such websites have a way to look at everything and take any needed action right away after you type in a user/pass.

*sigh* and on that note there is a sucker born every minute I suppose.

Email Phishing

[TheOtherAgentM]

From what you and I probably see, yes. Phishing begins with an email, because we probably don't browse shady sites regularly. I don't know what the average user sees in their regular browsing. I can't even figure out where people get all the spyware from in the first place. As far as phishing emails, I know I get one email regularly that looks like a CitiBank email, but it is a .jpg file embedded. The URL has citi in it, but if you look closer, it's obviously not the right sight. I'd report it, but Citi Bank's online reporting sucks.

Re:Email Phishing

[Ra5pu7in]

They can't do much about it upfront. However, as soon as it involves withdrawals from customer's accounts it moves over into fraud ... which they can do something about (via usual legal means). Neither Citibank, nor any of the others (I've seen BofA, Wells Fargo, and others) are going to acknowledge all the emails they get reporting these scams. Instead, the data is accumulated and those that report they lost money this way will be prioritized because these can be used for prosecution.

Personally, I'm waiting for the point where we can have a Darwin's Award for the idiots who answer those emails ... y'know the point when one of them loses every last dime in a scam and commits suicide, dies from a badly produced batch of V@l1um or V1agr@, or tries to gain or lose inches and has an accident with the means thereto. When this garbage produces 0 results, no matter how many millions are sent out, it will self-destruct.