Slashdot Mirror

← Back to Stories (view on slashdot.org)

Phishing In The Channel

Posted by michael on from the turnkey-solution-to-starting-your-own-business dept.

Rick Zeman writes "A Washington Post story details the relationships between phishers, IRC, plug-and-play phishing toolkits, and phantom web sites. 'For the past few months we've started to see phishing attacks from subcontractors, people who buy and use ready-made phishing toolkits and e-mail lists,' Orad said. 'It's gotten to the point where you don't need to know anything about spamming or computer programming to pull this off.'"

5 of 199 comments (clear)

  1. IRC? by Anonymous Coward · · Score: 4, Insightful

    IRC is like a communication medium, its irrelevant in this discussion. As irrelevant as telephones being 'used' by thiefs to communicate. Holding IRC responsible is pointless.

  2. Has anyone seen alternate character domains? by suso · · Score: 5, Insightful

    I have been wondering when I would start to see these alternate character set domain names that you can get now play a role in this. You know, like someone registers cnn.com, but the c is not the latin character set c but one from another character set. Or something that almost looks like a c.

    Then, without even hacking DNS, you can simply make someone or a group of people think that they are on cnn.com when they are really not. This could be used for things like fake news reports, etc. that make people panic.

    Has anyone seen anything like this yet?

    1. Re:Has anyone seen alternate character domains? by Richard+W.M.+Jones · · Score: 4, Insightful
      Browsers could be modified to highlight characters outside the usual 7 bit ASCII range. For example, those characters could be displayed in red, or in reverse video.

      In fact, this would make sense right now. A heuristic could be used to highlight the '1' in paypa1.com.

      Rich.

      --
      libguestfs - tools for accessing and modifying virtual machine disk images
  3. Slow Law Enforcement by ackthpt · · Score: 3, Insightful
    This underscores the problem with these schemes, laws don't mean a thing if there's no enforcement. Most of the spam I see phishing should be able to be tracked down quickly enough to catch perps, but either law enforcement is bogged down with other things or it's just not really much of a priority.

    Many people complain about there not being enough cops on the street (unless they've just been pulled over), which I've been informed in my area, is due to most calls are domestic disputes. Police don't have the time to catch all the burglars and bicycle thieves because someone is slapping someone else around (IMHO the first offense should land people in a cooler for at least a month.)

    Regarding the agencies which should be chasing spammers and scammers, that's probably the FBI, which is too busy being reorg'd and chasing terrorist threats.

    --

    A feeling of having made the same mistake before: Deja Foobar
  4. Re:Let's implement some ideas by sedna · · Score: 3, Insightful


    Even easier method:

    Register an E-mail address with the credit card company. When an on-line purchase is made, a verifiaction mail is sent to you. Click on the link in the mail and the purchase goes through, othervise call customer relations...