Slashdot Mirror

← Back to Stories (view on slashdot.org)

Netcraft: 5,600 Phishing Sites Since December

Posted by timothy on from the not-good-news dept.

miller60 writes "Netcraft has tracked and blocked 5,600 known phishing sites since the December launch of its anti-phishing toolbar, which it has now updated with a risk rating feature that warns users about new sites with phishy characteristics, based on trends observed in known phishing scams. It has also started a service that makes the full list available of phishing sites as a continuously updated feed for service providers and companies to use in mail servers and web proxies." One bad sign: the phishing attacks I see are getting (on average) more professional in their phrasing -- it used to be easy to toss out the trawlers based on their spelling alone.

5 of 181 comments (clear)

  1. Re:firefox toolbar? by Rude+Turnip · · Score: 3, Informative

    Firefox one-ups this already by doing 2 things:

    1. Encrypted URLS turn the address bar to a gold color to remind you that you're on an encrypted site. And, more importantly,

    2. In the lower right hand corner of the screen, Firefox tells you the name of the site to which the digital signature certificate is assigned.

    --
    Bill Clinton: Pimp we can believe in. - The Shirt!!!
  2. Re:Submit a new site, get a gift? by doofusclam · · Score: 5, Informative
    Anybody know what is this "reward" they mail you? I'm curious.


    Well according to this: http://news.earthweb.com/security/article.php/3454 601:

    If a person is the first to submit a link to a new phishing site, the user receives a free prize, such as a coffee mug. Miller said other offerings are in the works as well. An e-mail appears in users' inboxes asking them to return a postal address for the prize, which takes 28 days to deliver.
  3. Re:Phishers Getting Good by Spy+der+Mann · · Score: 2, Informative

    but man, someone spent a lot of time thinking it up.

    Hint: Enable "full headers" on your e-mail. That way you won't spend a second before hitting the delete button.

  4. ebay spoofs by jangobongo · · Score: 2, Informative
    I got that ebay spoof, too, a while ago. That kinda scared me until I contacted ebay and they confirmed that, indeed, it was a spoof.

    I got a newer one just a short while ago that said:
    • Subject:*** Your eBay Bid was Cancelled ***


    • Dear eBay Community Member,

      The bid that you entered for the item ( 5569407583[original link removed] ) has been cancelled. You can view the reason provided for the cancellation by selecting the link bellow[sic].

      http://cgi.ebay.com/ws/eBayISAPI.dll?Item=55694075 83&BidCancelled=1 [original link removed]

      Regards,
      eBay
    Now, if I had bid on anything at ebay within the last year, I might have panicked and started clicking on links without stopping to think about it. Fortunately, I knew I hadn't bid on anything, so I (as I've learned to do) hovered my cursor over the links and saw that they went to www.kminsectcontrol.com (insect control? interesting).

    I just forwarded it to spoof@ebay.com which, sadly, I have in my address book because I have forwarded several suspicious emails to them. They always get back to me quickly and confirm that, yes, it was a spoof and to ignore it. Then they investigate the forwarded email take any actions they can against whoever sent it.

    And every ebayer should have this page bookmarked: http://pages.ebay.com/help/policies/id-account-the ft-spoof.html

    I agree, the phishers are getting better. Phishers like these try to trigger a knee-jerk emotional response and I bet it works way too often.
    --

    Sig cancelled due to lack of interest
  5. Re:The biggest problem... by hazzey · · Score: 2, Informative

    I don't know how well it works, but there is always: spam@uce.gov It is the FTC's official phishing reporting address. http://www.usdoj.gov/spam.htm