Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fishing for Phishers

Posted by CmdrTaco on from the stuff-to-think-about dept.

mleachpdx writes "This blog entry probes into the details of an online banking phishing scam and suggests some fraud deterrence and detection measures."

8 of 152 comments (clear)

  1. Or.... by jmcmunn · · Score: 4, Informative

    From the article: "The home page of the phishing site looked identical to the actual online banking site. I was impressed. Someone had spent a considerable amount of time mirroring the entire look and feel."

    Or they just used the Spiderzilla extension for FireFox and downloaded the entire site. Wow, that scammer went to a lot of work. I have gotten these scams before though, and it is no laughing matter that they go to a lot of trouble to look legit. And I bet the estimate of 15% of people who fall for it listed in the article is actually a little low.

  2. They don't know who you are by Space+cowboy · · Score: 4, Informative

    I must have got a dozen or so of these in the last few days, my spam appears to go in phases... either I'm in dire need of sexually-enhancing drugs, about to die from malnutrition, or they're all just after my CC details...

    It's just a blanket 'attack'. Email is cheap, and they're not trying to be smart because they don't need to be.

    Simon

    --
    Physicists get Hadrons!
  3. check out antiphishing.org by enbody · · Score: 5, Informative

    Check out antiphising.org

  4. ROI by Gary+Destruction · · Score: 4, Informative

    The scammer went to alot of work because the Return on Investment was so high. For a few hours of work, he probably a substantial amount of cash.

  5. Re:How to annoy phishers by LiquidCoooled · · Score: 3, Informative

    Just below this comment a poster has given a link to a phishing central source :)

    Looks like its already in action :)

    http://www.antiphishing.org/

    --
    liqbase :: faster than paper
  6. Re:The wrost ones are... by jdkane · · Score: 3, Informative
    The maxim I always use is: The company that holds your account never needs to ask you for your password since they already have it.

    I would add: Often the employees of the company don't have access to the password because it is encrypted on their end. But the institution can change or reset your password without knowing the old password. This is usually preceded by a manual check performed by customer service over the phone to ensure you are really you. They might also ask you to come into the bank and provide ID.

  7. Re:Transfers are between your own accounts. by stoborrobots · · Score: 3, Informative

    Which bank does not allow you to make payments to other people? What is the point of online banking if you can only shuffle money between your own accounts.

    Of the four banks with which I have bank accounts, all allow me to make payments to anyone else whose account details I know. I can also make SWIFT (i.e. international) transfers to any account worldwide, by providing branch SWIFT code and account number.

    --
    "Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
  8. Re:How to annoy phishers by throughthewire · · Score: 3, Informative
    But the credit card number I made up was detected as non-existent - or at least the fake website said so. Now, is there any way to:

    1) Generate fake credit card numbers that pass as "valid"

    They're probably doing something trivial with Luhn numbers. Trivial to implement, trivial to spoof. Generating apparently valid but fraudulent card numbers is known as carding.

    2) Do this, and be certain that no-one actually owns that particular number, and if so, still not get into trouble?

    Trouble with whom? The scammers? If you aren't using the number to commit fraud, I wouldn't worry. We want to get the phishers in trouble!