Slashdot Mirror


Phishing In The Channel

Rick Zeman writes "A Washington Post story details the relationships between phishers, IRC, plug-and-play phishing toolkits, and phantom web sites. 'For the past few months we've started to see phishing attacks from subcontractors, people who buy and use ready-made phishing toolkits and e-mail lists,' Orad said. 'It's gotten to the point where you don't need to know anything about spamming or computer programming to pull this off.'"

8 of 199 comments

  1. IRC? by Anonymous Coward · · Score: 4, Insightful

    IRC is like a communication medium, it's irrelevant in this discussion. As irrelevant as telephones being 'used' by thieves to communicate. Holding IRC responsible is pointless.

  2. Has anyone seen alternate character domains? by suso · · Score: 5, Insightful

    I have been wondering when I would start to see these alternate character set domain names that you can get now play a role in this. You know, like someone registers cnn.com, but the c is not the latin character set c but one from another character set. Or something that almost looks like a c.

    Then, without even hacking DNS, you can simply make someone or a group of people think that they are on cnn.com when they are really not. This could be used for things like fake news reports, etc. that make people panic.

    Has anyone seen anything like this yet?

    1. Re:Has anyone seen alternate character domains? by Richard W.M. Jones · · Score: 4, Insightful
      Browsers could be modified to highlight characters outside the usual 7 bit ASCII range. For example, those characters could be displayed in red, or in reverse video.

      In fact, this would make sense right now. A heuristic could be used to highlight the '1' in paypa1.com.

      Rich.
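
The highlighting idea from this sub-thread (mark characters outside 7-bit ASCII, and the '1' in paypa1.com), sketched as an added example that is not part of the original comments. The function name, the digit look-alike table and the sample hostnames are assumptions constructed for illustration.

```javascript
// Added example: bracket the characters a browser could render in red or reverse video.
// Assumption: this small digit-to-letter look-alike table; a real one would be larger.
const DIGIT_LOOKALIKES = { '0': 'o', '1': 'l', '3': 'e', '5': 's' };

function highlightHost(host) {
  const findings = [];
  const marked = host.split('.').map(label => {
    // An IDN may arrive already encoded; flag the whole label instead of decoding it.
    if (label.toLowerCase().startsWith('xn--')) {
      findings.push({ label, reason: 'punycode-encoded (IDN) label' });
      return `[${label}]`;
    }
    const chars = Array.from(label); // iterate by code point, not UTF-16 unit
    const hasLetter = chars.some(c => /[a-z]/i.test(c));
    return chars.map(c => {
      const cp = c.codePointAt(0);
      let reason = null;
      if (cp > 0x7f) {
        reason = `non-ASCII U+${cp.toString(16).toUpperCase().padStart(4, '0')}`;
      } else if (hasLetter && DIGIT_LOOKALIKES[c]) {
        // Heuristic only: also fires on legitimate names such as "web1".
        reason = `digit resembles '${DIGIT_LOOKALIKES[c]}'`;
      }
      if (!reason) return c;
      findings.push({ label, char: c, reason });
      return `[${c}]`;
    }).join('');
  }).join('.');
  return { marked, findings };
}

// Constructed sample hostnames: plain ASCII, Cyrillic U+0441 in place of "c",
// a digit look-alike, and a made-up xn-- label (not decoded here).
const samples = ['cnn.com', '\u0441nn.com', 'paypa1.com', 'xn--constructed.example'];
for (const host of samples) {
  const { marked, findings } = highlightHost(host);
  console.log(marked, findings.map(f => f.reason));
}
```

The non-ASCII check is exact, while the digit check is a guess that trades false positives for visibility, which is acceptable when the only action is highlighting.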

  3. Re:IRC by grazzy · · Score: 2, Insightful

    Don't forget to block port 80 too, a lot of scary stuff goes on there...

  4. Slow Law Enforcement by ackthpt · · Score: 3, Insightful
    This underscores the problem with these schemes; laws don't mean a thing if there's no enforcement. Most of the spam I see phishing should be able to be tracked down quickly enough to catch perps, but either law enforcement is bogged down with other things or it's just not really much of a priority.

    Many people complain about there not being enough cops on the street (unless they've just been pulled over), which, I've been informed, in my area is due to most calls being domestic disputes. Police don't have the time to catch all the burglars and bicycle thieves because someone is slapping someone else around (IMHO the first offense should land people in a cooler for at least a month.)

    Regarding the agencies which should be chasing spammers and scammers, that's probably the FBI, which is too busy being reorg'd and chasing terrorist threats.

    --

    A feeling of having made the same mistake before: Deja Foobar
  5. Re:Let's implement some ideas by eggoeater · · Score: 2, Insightful
    Have the website require the PIN to be entered before using the site.
    Dear Subscriber, You are receiving this email because we need to update your records. Please click on the link below and enter your name and PIN......

    You get the idea. Not to mention that nobody will shop at a site that requires a secureID card number to be entered.
  6. Re:Well... by Blue-Footed Boobie · · Score: 2, Insightful
    AOHell really was far too much fun.

    Of course, that's back when the Internet in general was much more fun.

    --
    DAMN YOU OCTODOG! DAMN YOU TO HELL!
  7. Re:Let's implement some ideas by sedna · · Score: 3, Insightful


    Even easier method:

    Register an E-mail address with the credit card company. When an on-line purchase is made, a verification mail is sent to you. Click on the link in the mail and the purchase goes through, otherwise call customer relations...