Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anti-Phishing Tools

Posted by ryuzaki0 on from the escalating-the-arms-race dept.

mikeage writes "PCWorld has an article about an anti-phishing tool available that tries to detect fake websites." This is about Web Caller-ID already in use by eBay's custom user toolbar. The article also talks a bit about the incredible increase in phishing scams.

12 of 233 comments (clear)

  1. Huh by Lord+Grey · · Score: 5, Insightful
    Unless I missed something, neither the article nor the summary provides a link to the product. Here is what I found: Web Caller-ID. That link contains this paragraph:
    Web Caller-ID's detection engine includes hundreds of routines that examine the elements of a web site, ranging from the site's content and links to its page history, and then determine if they are indicative of a spoof. For example, the URL of a particular site might be analyzed for phishing characteristics, such as the inclusion of an IP address at the beginning of the URL, or the source code might be analyzed for calls to a different web site. In production environments, Web Caller-ID consistently detects more than 98% of previously unknown spoof sites using behavioral technology.
    This product sounds interesting at first blush, but don't most phishing scams begin with an email? Web sites that support phishing aren't going to have as many of these charactistics as the email that lured the victims there to begin with. I have to wonder just how well this really works, despite the, "consistently detects more than 98% of previously unknown spoof sites" quote.
    --
    // Beyond Here Lie Dragons
  2. Already sluggish... by La_Boca · · Score: 5, Informative

    Does That Web Site Look Phishy?

    WholeSecurity's new software claims to identify fraudulent sites.

    Paul Roberts, IDG News Service
    Monday, August 16, 2004

    A new software tool from WholeSecurity can spot fraudulent Web sites used in online cons known as "phishing" scams, according to a statement from the company.

    Advertisement

    The new product, called Web Caller-ID, can detect Web pages dressed up to look like legitimate e-commerce sites. WholeSecurity is marketing the technology to banks, credit card companies, and online retailers as a way to prevent unwitting customers from accessing false sites, to reduce fraud, and increase confidence in online commerce, the company says.

    Phishing scams are online crimes that use unsolicited commercial, or "spam," e-mail to direct Internet users to Web sites controlled by thieves, but are designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, Social Security number, bank account, or credit card number, often under the guise of updating account information.

    Already in Use

    A version of Web Caller-ID is already being used by EBay in a feature called Account Guard, part of an EBay Web browser toolbar that users of the online auction site can download for free. The feature detects suspicious behavior, such as Web URLs that disguise the true Internet address of the site the user is visiting.

    Companies can license a Web browser plug-in from WholeSecurity, which can then be distributed to customers directly or as part of a Web browser toolbar. Alternatively, companies can sign up for an e-mail processing service from WholeSecurity that harvests information on phishing scams from spam e-mail or customer complaint e-mail sent to the company, WholeSecurity says.

    A Web browser-based management console lets administrators view suspected phisher sites, file complaints against spoof Web sites, or fine-tune the Web Caller-ID technology to adapt to their company's Web site.

    On the Rise

    Reports of phishing attacks have skyrocketed in recent months, according to the Anti-Phishing Working Group (APWG), a joint industry-law enforcement group.

    There were 1422 new, unique attacks reported to the APWG in June, a 19 percent increase over the previous month. Since the beginning of 2004, reports of the attacks have grown by 52 percent a month on average, the group says.

    A survey of 5000 adult Internet users by research firm Gartner released in April found that the number of phishing attacks spiked in the last year and that around 3 percent of those surveyed reported giving up personal financial or personal information after being drawn into a phishing scam. The results suggest that as many as 30 million adults have experienced a phishing attack and that 1.78 million adults could have fallen victim to the scams, Gartner says.

    Taking the First Step

    Web Caller-ID is not a cure-all for the phishing problem, but is a good first step to provide comprehensive protection from the scams, says Howard Schmidt, former White House cybersecurity advisor and the current chief information security officer at EBay.

    "These are some of the things we need to do moving forward--getting technology built into the Web browsers themselves to do these things," he says.

    However, better user education and stronger security from online retailers, banks, and financial institutions is also needed to protect technically unsophisticated consumers from complex online cons like phishing attacks, Schmidt says.

    "You can't put somebody in a car and tell them to drive, but not tell them what the brake and gas pedal are for," he says.

  3. You mean... by Black+Parrot · · Score: 5, Funny

    ...I wasn't supposed to give s1ashdot my credit card number to read this story?

    --
    Sheesh, evil *and* a jerk. -- Jade
  4. My rule is usually fairly simple by tekiegreg · · Score: 5, Insightful

    Just don't click on any links via email to anything unless you solicited it (such as an email verification to a mailing list you're subscribing to). When I'm in doubt, all I do is type in the URL to the bank/brokerage/etc. web site myself (fire up browser and type in homepage URL), log in and find out if there is anything going on. Most such websites have a way to look at everything and take any needed action right away after you type in a user/pass.

    *sigh* and on that note there is a sucker born every minute I suppose.

    --
    ...in bed
  5. Email Phishing by TheOtherAgentM · · Score: 5, Insightful

    From what you and I probably see, yes. Phishing begins with an email, because we probably don't browse shady sites regularly. I don't know what the average user sees in their regular browsing. I can't even figure out where people get all the spyware from in the first place. As far as phishing emails, I know I get one email regularly that looks like a CitiBank email, but it is a .jpg file embedded. The URL has citi in it, but if you look closer, it's obviously not the right sight. I'd report it, but Citi Bank's online reporting sucks.

    1. Re:Email Phishing by james_marsh · · Score: 5, Funny

      I'm not sure what good it would do to report it to citi since there's nothing they can do about it except maybe send out emails to everyone in the world telling them not to believe emails claiming to be from them.
      There's just a slight flaw in that logic...

    2. Re:Email Phishing by aussersterne · · Score: 5, Interesting

      Citibank can't do anything about it anyway; they're not law enforcement, and even if they were, what exactly do you see law enforcement doing about SPAM or phish emails? Nada.

      I used to work at eBay and the phishing problem was terrible (though I didn't deal with it directly, that wasn't my department). When users would find out, they'd demand to know why eBay didn't do something about it. The people who worked on that floor would stand around in the smoking shed and bitch, "What do they want us to do, buy some guns and go to Romania and raid the guy's house wearing little eBay uniforms?"

      --
      STOP . AMERICA . NOW
    3. Re:Email Phishing by Ra5pu7in · · Score: 5, Insightful

      They can't do much about it upfront. However, as soon as it involves withdrawals from customer's accounts it moves over into fraud ... which they can do something about (via usual legal means). Neither Citibank, nor any of the others (I've seen BofA, Wells Fargo, and others) are going to acknowledge all the emails they get reporting these scams. Instead, the data is accumulated and those that report they lost money this way will be prioritized because these can be used for prosecution.

      Personally, I'm waiting for the point where we can have a Darwin's Award for the idiots who answer those emails ... y'know the point when one of them loses every last dime in a scam and commits suicide, dies from a badly produced batch of V@l1um or V1agr@, or tries to gain or lose inches and has an accident with the means thereto. When this garbage produces 0 results, no matter how many millions are sent out, it will self-destruct.

      --
      I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)
  6. List of IPs used by phishers by Anonymous Coward · · Score: 5, Informative

    Phish Net

    Some folks here may find it usefull.

  7. Cool phishing detection quiz by frozenray · · Score: 5, Informative


    This nifty quiz can help you assess your phishing detection abilities. Recommended.

    --
    "There are already a million monkeys on a million typewriters, and Usenet is NOTHING like Shakespeare." - Blair Houghton
  8. Re:phishing automated reply by The+Ultimate+Fartkno · · Score: 5, Interesting

    It's for mortgage spammers and not phishers, but I'm a fan of the Unsolicited Commando project. It's a little Java app that spends its day filling out mortgage applications on spamvertised sites with completely believable - but totally bogus - personal data. The source is available so perhaps a clever person could randomly generate credit card numbers and adapt the program to attack phish sites.

  9. First step by bigberk · · Score: 5, Informative

    The first step is obviously to check the headers of an email you receive. Just see who sent you the damn thing (from Received headers). Was it actually an IP belonging to .paypal.com? This is easy to check using 'whois'. If the whois lookup shows the IP delivering you the email is from the company you expect (VISA, Paypal, Ebay) then it's fine.

    OK, how about an example. Take this US Bank phishing scam, here are the Received headers:

    Received: by mail.pc9.org (Postfix, from userid 82)
    id 2E7E6AC1B; Tue, 17 Aug 2004 07:13:50 -0700 (PDT)
    Received: from usbank.com (unknown [211.209.208.87])
    by mail.pc9.org (Postfix) with SMTP id BCF24AC03
    for <bigberk@users.pc9.org>; Tue, 17 Aug 2004 07:13:47 -0700 (PDT)
    Received: from 0.212.252.18 by 211.209.208.87; Tue, 17 Aug 2004 09:08:18 -0600

    The first Received hop is my ISP. The second Received hop is the only important one; it describes the connecting host. Note that the host here pretended to be usbank.com but that name is a sender-supplied ID; it's worthless. What you're looking for is the IP address between square brackets, which can not be forged. Now just check 211.209.208.87 using whois

    $ whois 211.209.208.87
    ...
    [ Organization Information ]
    Organization ID : ORG3930
    Org Name : Hanaro Telecom Inc.
    State : SEOUL
    Address : Shindongah Bldg., 43 Taepyeongno2-Ga Jung-Gu
    Zip Code : 100-733
    ...

    See, easy. This email came from Korea, not US Bank. It's a scam!