Slashdot Mirror

← Back to Stories (view on slashdot.org)

Phishing In The Channel

Posted by michael on from the turnkey-solution-to-starting-your-own-business dept.

Rick Zeman writes "A Washington Post story details the relationships between phishers, IRC, plug-and-play phishing toolkits, and phantom web sites. 'For the past few months we've started to see phishing attacks from subcontractors, people who buy and use ready-made phishing toolkits and e-mail lists,' Orad said. 'It's gotten to the point where you don't need to know anything about spamming or computer programming to pull this off.'"

3 of 199 comments (clear)

  1. IRC? by Anonymous Coward · · Score: 4, Insightful

    IRC is like a communication medium, its irrelevant in this discussion. As irrelevant as telephones being 'used' by thiefs to communicate. Holding IRC responsible is pointless.

  2. Has anyone seen alternate character domains? by suso · · Score: 5, Insightful

    I have been wondering when I would start to see these alternate character set domain names that you can get now play a role in this. You know, like someone registers cnn.com, but the c is not the latin character set c but one from another character set. Or something that almost looks like a c.

    Then, without even hacking DNS, you can simply make someone or a group of people think that they are on cnn.com when they are really not. This could be used for things like fake news reports, etc. that make people panic.

    Has anyone seen anything like this yet?

    1. Re:Has anyone seen alternate character domains? by Richard+W.M.+Jones · · Score: 4, Insightful
      Browsers could be modified to highlight characters outside the usual 7 bit ASCII range. For example, those characters could be displayed in red, or in reverse video.

      In fact, this would make sense right now. A heuristic could be used to highlight the '1' in paypa1.com.

      Rich.

      --
      libguestfs - tools for accessing and modifying virtual machine disk images