Slashdot Mirror


Netcraft: 5,600 Phishing Sites Since December

miller60 writes "Netcraft has tracked and blocked 5,600 known phishing sites since the December launch of its anti-phishing toolbar, which it has now updated with a risk rating feature that warns users about new sites with phishy characteristics, based on trends observed in known phishing scams. It has also started a service that makes the full list of phishing sites available as a continuously updated feed for service providers and companies to use in mail servers and web proxies." One bad sign: the phishing attacks I see are getting (on average) more professional in their phrasing -- it used to be easy to toss out the trawlers based on their spelling alone.

33 of 181 comments

  1. Spelling by Anonymous Coward · · Score: 5, Funny
    the phishing attacks I see are getting (on average) more professional in their phrasing -- it used to be easy to toss out the trawlers based on their spelling alone

    One could say the same for the /. trolls.

    1. Re:Spelling by releppes · · Score: 2, Funny

      Is that trolling for phish or phishing for trolls?

    2. Re:Spelling by Winkhorst · · Score: 2, Funny

      Funny, I get modded troll often enough and my spelling is unpeckable....

      --
      "Is this Winkhorst a nova criminal?" "No just a technical sergeant wanted for interrogation."
  2. Submit a new site, get a gift? by Kozz · · Score: 5, Interesting

    Funny thing, I submitted a phishing site to Netcraft and was notified that it was a new one to their database, and what do they do?

    They ask me to reply to their email address with my full name and street address so that they can send me a "gift". I don't know what it is (haven't received it yet), but thought it ironic that they were soliciting information in a phishing-style.

    I sent them the address so they can send me a gift (t-shirt? who knows) since I knew I had contacted THEM about the particular phishing URL, and the info they requested could be gleaned by someone who wanted to find out, but found it humorous nonetheless.

    Anybody know what is this "reward" they mail you? I'm curious.

    --
    I only post comments when someone on the internet is wrong.
    1. Re:Submit a new site, get a gift? by netcrusher88 · · Score: 3, Funny

      Maybe they send you fish?

      --
      There's an old saying that says pretty much whatever you want it to.
    2. Re:Submit a new site, get a gift? by doofusclam · · Score: 5, Informative
      Anybody know what is this "reward" they mail you? I'm curious.


      Well, according to this: http://news.earthweb.com/security/article.php/3454601:

      If a person is the first to submit a link to a new phishing site, the user receives a free prize, such as a coffee mug. Miller said other offerings are in the works as well. An e-mail appears in users' inboxes asking them to return a postal address for the prize, which takes 28 days to deliver.
    3. Re:Submit a new site, get a gift? by EvilTwinSkippy · · Score: 4, Funny
      An e-mail appears in users' inboxes asking them to return a postal address for the prize, which takes 28 days to deliver.

      Or they can collect on their winnings immediately by clicking on this link, with their account name and password to paypal ...

      --
      "Learning is not compulsory... neither is survival."
      --Dr.W.Edwards Deming
    4. Re:Submit a new site, get a gift? by aaamr · · Score: 4, Insightful

      Doesn't it make more sense to report the site to the service provider so it gets shut down?

      Last one of these I encountered (an eBay phishing scheme) was hosted on Comcast's network. To Comcast's credit, the site was inaccessible within 2 hours of my reporting it, and I got a very prompt response by email to my report.

    5. Re:Submit a new site, get a gift? by morcego · · Score: 2, Funny

      Yes, no one ever doubted the ability of Comcast in making things go offline.

      --
      morcego
    6. Re:Submit a new site, get a gift? by camcorder · · Score: 2, Insightful

      Thanks for letting us know. Now the only thing you need to do to get a free mug is to set up a phishing site and report it to Netcraft. Well, seems like they will reach 10,000 very soon.

  3. One Day by ericschoon · · Score: 3, Insightful

    The phishing community will learn to read and write in a professional manner. When that day comes, the world will end

    no wait.... only the gullible will find themselves in trouble.

    Phishing is only a problem when you aren't paying attention.

  4. Live Bait by Doc+Ruby · · Score: 2, Insightful

    The great crime in this phishing system is at the Patent and Trademark Office. We fund the office, subsidizing corporate IP owners by defending their IP. But when the PTO could enforce trademark IP to protect the consumer, they do little or nothing. How come Citigroup isn't spending billions to protect its trademark, which is used to con thousands of people a day into phishing scams?

    --
    make install -not war

    1. Re:Live Bait by Anonymous Coward · · Score: 2, Interesting

      Insightful? Interesting? Who modded this spew of disorganization up?

      "But when the PTO could enforce trademark IP to protect the consumer, they do little or nothing."

      This is because it's left to the trademark owners, not the PTO.

      "How come Citigroup isn't spending billions to protect its trademark, which is used to con thousands of people a day into phishing scams?"

      Should *you* be held liable if someone uses *your* identity to scam others? If someone nabs your SIN and starts causing mischief, should you have to come up with thousands of dollars to make things right again?

      So what is your post advocating? Should the copyright holders be proactive, or the PTO?

    2. Re:Live Bait by Rasta+Prefect · · Score: 3, Insightful
      The great crime in this phishing system is at the Patent and Trademark Office. We fund the office, subsidizing corporate IP owners by defending their IP. But when the PTO could enforce trademark IP to protect the consumer, they do little or nothing. How come Citigroup isn't spending billions to protect its trademark, which is used to con thousands of people a day into phishing scams?

      First off, phishers are _hard to catch and prosecute_. They're often located in other countries and/or using compromised resources such as zombified home machines to serve their pages. They're committing fraud; they're not going to stop because Citigroup sends them a cease and desist. That's like saying the real crime of the war on drugs is that the IRS hasn't dragged in all of these drug kingpins for not paying taxes.

      Secondly, who the hell is subsidizing anything? The Patent Office takes in more in user fees than it spends; it's a yearly budget battle for them to keep more of what they bring in, not to get more money from Congress. They've been totally user fee supported for at least 12 years now.

      --
      Why?
  5. firefox toolbar? by bdigit · · Score: 2, Interesting

    Is there any toolbar available for Firefox? This would be a great thing to install on my relatives' computers, or anyone's computer for that matter.

    1. Re:firefox toolbar? by Rude+Turnip · · Score: 3, Informative

      Firefox one-ups this already by doing 2 things:

      1. Encrypted URLs turn the address bar to a gold color to remind you that you're on an encrypted site. And, more importantly,

      2. In the lower right hand corner of the screen, Firefox tells you the name of the site to which the digital signature certificate is assigned.

    2. Re:firefox toolbar? by elid · · Score: 3, Insightful

      Yes, but that's probably too difficult for the average relative to understand.

  6. Neat idea. by going_the_2Rpi_way · · Score: 4, Interesting

    The only problem that I see is that those people with the Netcraft toolbar are probably already in the low-risk category for this type of scam (although I guess the fact that they install toolbars at all makes it a slightly more at-risk group) since they're reasonably aware of the problem. Still, Netcraft continues to impress me with excellent tools and insight on web traffic and security trends. A daily must-read for webmasters, far more so than Alexa.

  7. New sites: ouch! by jfengel · · Score: 4, Insightful

    One of the factors that goes into the risk rating is the age of the site. That's a good insight: phishers tend to create new sites often, as the old ones get closed down or are simply dropped.

    But man, wouldn't it suck to open a new site only to have Netcraft scare off all your customers?

    I wonder what "new" means. How long do phishing sites stay around? And how badly would this kill the buzz of the initial marketing effort?

    Time isn't the only tool they have in the toolbar, so hopefully novelty as the only warning sign won't ring any alarm bells.

    Eventually, phishers will work around this by creating sites and only activating the phishing attack after the requisite time period has elapsed. But that's work, which weeds out the laziest phishers. Watching the escalation of tactics is going to be fascinating.

  8. Other ways to filter phishers out... by yotto · · Score: 2, Insightful

    it used to be easy to toss out the trawlers based on their spelling alone.

    I've always detected the trawlers by the fact that they're asking me to give them information via email.

  9. Slashdot Announcement by x.Draino.x · · Score: 5, Funny
    Dear Slashdot Reader,

    We regret to inform you that our subscription database was lost in a major crash. In order to continue your advertising-free, dupe-ridden news service, we require you to verify your account details. Please have your credit card handy and head on over to Slashdot Subscription Verification to verify your account. Once again, we apologize for the mishap.

    Sincerely, teh Taco.
    1. Re:Slashdot Announcement by mattjb0010 · · Score: 2, Funny

      Please have your credit card handy and head on over to Slashdot Subscription Verification to verify your account

      The site you linked doesn't work. For the record, my credit card details are:
      Name: Mr John Citizen
      Visa Card number: 4940 5233 1123 0876
      Expiry: 06/07
      3 digit verification number: 666
      Billing address:
      202B King William Road
      Hyde Park, SA 5061
      Australia

      BSB (branch routing) number: 065-332
      Account number: 00222334
      Pin number: 3356 ( MY MOTHER'S DATE OF BIRTH )

  10. What we need are a new set of laws... by John+Seminal · · Score: 2, Interesting
    It seems the real crooks like the dark shadows; they don't like being seen. The old adage of don't walk alone at night, walk in lighted places, etc.: how does that translate to the world of the internet? With the web, there is more anonymity. It is just what the crook wants, a place where they can do their crimes and not be seen. Plus, it is easier to give the perception that you're in a nice, well-lit area, that it's safe here. You can't fake that kind of perception in a ghetto.

    The obvious response will be more laws. Laws that will take away the freedom of the non-criminal. The RIAA is forcing ISPs to hand over IPs. Commercial websites track customers. How long until the web requires authentication just to do anything?

    I hope the government really hurts the first people it catches. But until the laws change, I doubt it will be that bad. If you could rip off 1,000 people for $1,000,000, would you? What if it meant 5 years in prison, and you could hide the money so it was there when you were released?

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

  11. Re:Phishers Getting Good by Spy+der+Mann · · Score: 2, Informative

    but man, someone spent a lot of time thinking it up.

    Hint: Enable "full headers" on your e-mail. That way you won't spend a second before hitting the delete button.

  12. How the Netcraft toolbar works. by Anonymous Coward · · Score: 5, Interesting

    I actually looked into making a Firefox extension that worked with the Netcraft phishing list that you get from using their toolbar. I'm still just learning to code Firefox plugins, so I thought it would be a fun exercise. I put it aside for now since there is a big "DO NOT REVERSE ENGINEER OUR SOFTWARE" type notice in the install license, and I still have a long way to go in learning to program Firefox extensions. I figured out how it works by reading the log file; is that reverse engineering these days?

    Anyway, how the blocker works is pretty nifty: the toolbar creates an MD5 hash of each URL you visit, then compares it to a file that the toolbar auto-updates with the MD5 hashes of the bad URLs. To figure out where the info is coming from, take a look at "blocked.log" in the Toolbar directory; you'll see the lines that update "blocklist.dat". The only problem I saw is that www.badsite.com/bleh.html might be in there, but www.badsite.com itself might not be, even if both are really the same page.

    I still think the best anti-phishing software would be a program that just notices when you are doing something really boneheaded. It would do things like shout "Hey, that's your ebay username and password and this isn't ebay! Are you sure you want to do this?" and "This page isn't posting to an encrypted page and that is a credit card number! Are you sure about this?". Just my little idea, I'm sure there are plenty of problems with it.

  13. The biggest problem... by krbvroc1 · · Score: 3, Interesting

    The biggest problem is the inability to email a person who cares at a lot of these places. In the past two weeks I've tried to find contacts for domains that were hosting eBay phishing pages. Emails to 'support', 'webmaster', internic domain contacts all go unanswered and the sites remain. I reported this one a week ago, it's still up: http://210.0.213.115/~homepage/Secure/eBay/cgi-bin/index.php

    1. Re:The biggest problem... by hendersj · · Score: 2, Insightful

      Amen to that - I had the same experience with eBay - I am NOT signing up to tell them that someone is trying to scam their customers. Make it easy for me to report, or I'll just bin it.

      After all, if they don't care enough to make it easy to report phishers abusing their name, why should I make the effort to find out how to report it to them?

      --
      Insanity is a gradual process; don't rush it.
    2. Re:The biggest problem... by hazzey · · Score: 2, Informative

      I don't know how well it works, but there is always spam@uce.gov. It is the FTC's official phishing reporting address. http://www.usdoj.gov/spam.htm

    3. Re:The biggest problem... by krbvroc1 · · Score: 2, Funny

      For some reason username fukyou, password phisher works too!

  14. Phishing Sites by SpaceAdmiral · · Score: 4, Funny

    I've visited Phishing sites before, but I just don't get it. You'd have to be stoned or something to appreciate their music.

  15. ebay spoofs by jangobongo · · Score: 2, Informative
    I got that ebay spoof, too, a while ago. That kinda scared me until I contacted ebay and they confirmed that, indeed, it was a spoof.

    I got a newer one just a short while ago that said:
    • Subject:*** Your eBay Bid was Cancelled ***


    • Dear eBay Community Member,

      The bid that you entered for the item ( 5569407583[original link removed] ) has been cancelled. You can view the reason provided for the cancellation by selecting the link bellow[sic].

      http://cgi.ebay.com/ws/eBayISAPI.dll?Item=5569407583&BidCancelled=1 [original link removed]

      Regards,
      eBay
    Now, if I had bid on anything at ebay within the last year, I might have panicked and started clicking on links without stopping to think about it. Fortunately, I knew I hadn't bid on anything, so I (as I've learned to do) hovered my cursor over the links and saw that they went to www.kminsectcontrol.com (insect control? interesting).

    I just forwarded it to spoof@ebay.com which, sadly, I have in my address book because I have forwarded several suspicious emails to them. They always get back to me quickly and confirm that, yes, it was a spoof and to ignore it. Then they investigate the forwarded email and take any actions they can against whoever sent it.

    And every ebayer should have this page bookmarked: http://pages.ebay.com/help/policies/id-account-theft-spoof.html

    I agree, the phishers are getting better. Phishers like these try to trigger a knee-jerk emotional response and I bet it works way too often.
    --

    Sig cancelled due to lack of interest
  16. how about an OSS/free version of this? by Anonymous Coward · · Score: 2, Interesting

    Since Netcraft is whoring the community for their free data and then selling it to people, can we make a nice Firefox version that reports to FREE servers (a la freeDB style) that we can get going?

    or did netcraft patent it?

    I personally would trust an OPEN list that is under the eyes of many more than a closed and encrypted secret list that can have sites or IP addresses secretly added to serve an agenda.

  17. professional? by drew · · Score: 2, Insightful

    One bad sign: the phishing attacks I see are getting (on average) more professional in their phrasing -- it used to be easy to toss out the trawlers based on their spelling alone.

    i'll be worried when i start seeing attacks imitating places that i actually have accounts at. other than paypal, i don't think a single one out of the thousands of phishing attacks i've received has tried to imitate a bank or institution that i actually do business with.

    maybe it's just me, but i would think that when people see hundreds of emails coming from places they've never done business with in their life, they might be a little suspicious when they see one that's almost exactly the same except with their bank's logo on it, no matter how well written. or am i expecting too much of the average person?

    --
    If I don't put anything here, will anyone recognize me anymore?