Slashdot Mirror


Honeynet Revealing Actual Phishing Techniques

edsonie writes "CircleID is reporting on the recent Honeynet Project, 'Know your Enemy: Phishing', aimed at discovering practical information on the practice of phishing. The study reports on a number of real-world examples of phishing attacks and the typical activities performed by attackers during the full lifecycle of such incidents. The research also suggests that phishing attacks 'are becoming more widespread and well organized'. Also, with regard to the speed of such attacks, 'phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online with supporting spam messages to advertise the web site, and that this speed can make such attacks hard to track and prevent.' Check out the full report here presenting actual techniques and tools used by phishers."

9 of 155 comments

  1. Internet Darwinism by Nytewynd · · Score: 5, Interesting

    Anyone that falls for a phishing scam is too dumb to have their money anyway.

    At work, the security guys put together a phishing test. It looked exactly like our normal web page, they made it sound official by calling it some kind of Task Force, and then they emailed everyone a link to the password checker. It supposedly tested your password for security difficulty. You enter your ID and password and it would email you back the results.

    I sent the link to the security guys and got an "Attaboy". About half of the people ended up on the list of idiots that handed out their secure passwords over the internet.

    What goes through someone's head to enter passwords, bank account info, or personal identity information over the Internet? Don't people consider that the companies supposedly asking for this stuff should already have it? Your bank is never going to ask you for your account number over email. They already have it!

    --
    /. ++
    1. Re:Internet Darwinism by Anonymous Coward · · Score: 3, Interesting

      > Anyone that falls for a phishing scam is too dumb to have their money anyway.

      http://survey.mailfrontier.com/survey/quiztest.html

      (use IE, not the Fox)

      Did you get 100% correct on the first try (I didn't, I only got 9 out of 10)? Educating the internet population to be aware of the varied and increasingly sophisticated scamming variants is a hopeless proposition in my opinion.

  2. This is getting really frustrating by AT-SkyWalker · · Score: 4, Interesting
    I've noticed that the number of messages I'm getting from PayPal and eBay is increasing dramatically.

    The problem is that they are pretty organized; you get one, then a follow up, then a final warning and so on. I can imagine that a majority of Mom and Pop type of users finally succumb to these sorts of attacks since they seem to be pretty well coherent!

  3. It can be quite difficult to resist by what+about · · Score: 4, Interesting

    I got an email stating that an order had been placed with my name and it was being delivered. Now, I have two choices:

    Do nothing and maybe allow some delivery of goods that I do not want (I am in UK, not US) and then have to return them or anyway cancel the payment (can be difficult if made by debit card) even if the crook got the numbers from looking at you at the supermarket.

    Have a look and see what it is about.

    The ECommerce site was a trojan installer; it didn't work since I use Opera and have ActiveX disabled. (Quite interesting, all the techniques they used.)

    The point is that sometimes it is quite difficult to know if something is legitimate or not and to me the only solution is to have less whizz-bang applications and more reliable ones.

    No ActiveX, plain HTML browsing.

    Banks should NOT use funny addresses for part of their pages, just one clear address.

    No magic jumping between applications, no magic installing, make it painful to install something taken from the network!

    1. Re:It can be quite difficult to resist by Slashcrap · · Score: 2, Interesting

      > I got an email stating that an order had been placed with my name and it was being delivered. Now, I have two choices:

      Sorry, I fail to see why this is a problem. I mean you knew you didn't order it, right?

      So fucking what if something turns up at your door? I'd be like "Great! Free stuff!".

      Do you think that someone would steal your card details and then use them to order something for you? It doesn't seem likely to me.

      Why couldn't you just check with your bank or credit card provider? I would expect them to be able to tell me if someone had ordered something with my card. I'd hardly waste time reverse engineering the website.

  4. Re:The best defense... by tehshen · · Score: 4, Interesting
    One of the things e-mail clients could use from Gmail is how it handles said PayPal phishes. It lets through the message, but puts up a big red box saying:
    Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information.

    Which doesn't get in the way, and is startling enough to not be ignored. It makes most users think "Is this a real e-mail?", and if it's on some company network, they could ask for help and be told not to reply, then slowly learn not to by themselves.
    --
    Guy asked me for a quarter for a cup of coffee. So I bit him.
  5. weird coincidence by CoffeeJedi · · Score: 1, Interesting

    i got my first phish email this morning trying to get my paypal info; the link went to an ip address in Korea

    within minutes, i browsed to slashdot and saw this was the current top story

    creeeeepy

    --
    May you be touched by His Noodly Appendage. RAmen.
  6. Re:They're getting MUCH better at it by CrashPoint · · Score: 2, Interesting
    In my experience, the best quick-and-easy way to spot a PayPal phish is to check the salutation at the beginning of the email. If it addresses you as "Dear Valued PayPal Customer" or some such, it's definitely a phish. PayPal always addresses you by name in their emails.

    This, I have found, is not only an easy way for us geeks to spot phishers, but a way we can easily explain to non-geeks how to spot them.
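
Two cues mentioned in this thread (the generic salutation from comment 6 and the link to a bare IP address from comment 5), turned into a small mail-triage check; this is an added Python example, not part of any comment, and it goes one step further by also comparing a link's visible URL with its real target. The function, signal names and sample messages are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Role-based salutations, and link text that itself looks like a URL or hostname.
GENERIC = re.compile(r"^\s*dear\s+(valued\s+)?(\w+\s+)?(customer|member|user|client)\b", re.I | re.M)
URLISH = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#].*)?", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_signals(html_body):
    """Return sorted signal names; each is a triage hint, not a verdict."""
    signals = set()
    if GENERIC.search(re.sub(r"<[^>]+>", " ", html_body)):
        signals.add("generic-salutation")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        host = ""
        try:
            host = (urlsplit(href).hostname or "").lower()
            ipaddress.ip_address(host)
            signals.add("ip-literal-link")   # link targets a bare IP address
        except ValueError:
            pass                             # ordinary hostname, or unparsable href
        shown = URLISH.fullmatch(text)
        if shown and shown.group(1).lower() != host:
            signals.add("link-text-mismatch")  # visible URL names another host
    return sorted(signals)

# Constructed sample bodies; 203.0.113.45 is a documentation-range address.
SAMPLE_PHISH = ('<p>Dear Valued PayPal Customer,</p><p>Confirm your account: '
                '<a href="http://203.0.113.45/paypal/login.php">https://www.paypal.com/login</a></p>')
SAMPLE_LEGIT = ('<p>Dear Alice Example,</p><p>Your receipt: '
                '<a href="https://www.paypal.com/receipt">www.paypal.com/receipt</a></p>')
```

The host comparison is exact, so link text of `paypal.com` pointing at `www.paypal.com` is also reported; a mail filter would normally compare registrable domains instead.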

  7. Rent a botnet here! by Animats · · Score: 3, Interesting
    You, too, can run a phishing scam. You'll need a botnet, bulk-friendly hosting, and bulletproof credit card processing. And you can get them all here.

    Yes, "Specialham", the spammer hangout, is back! "SpecialHam is the premier online destination for email marketing professionals." With great new topics like "What are the most anonymous ways to transfer money".

    That site seems to be aimed at low end and clueless spammers.

    Further up the food chain, we have Black Box Hosting. "Fully featured bullet proof dedicated server. Allows direct mailing and website hosting. All our plans allow Adult, Gambling and Pharmacy Content." They also offer "Mailing Servers". You have to supply your own list of proxies, and your own bulk mailing program. They recommend DarkMailer.

    So you go on Specialham and rent some open proxies. Then order a mailing server and a web server from Black Box Hosting. Run your scam. Launder the money through an offshore credit card processor. Profit!

    What we really need in honeynets is for about 10% of these support operations to be sting operations run by law enforcement. That would make phishing and spamming a much higher risk operation.