Slashdot Mirror


Honeynet Revealing Actual Phishing Techniques

edsonie writes "CircleID is reporting on the recent Honeynet Project, 'Know your Enemy: Phishing', aimed at discovering practical information on the practice of phishing. The study reports on a number of real world examples of phishing attacks and the typical activities performed by attackers during the full lifecycle of such incidents. The research also suggests that phishing attacks "are becoming more widespread and well organized". Also with regards to the speed of such attacks, "phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online with supporting spam messages to advertise the web site, and that this speed can make such attacks hard to track and prevent." Check out the full report here presenting actual techniques and tools used by phishers."

4 of 155 comments (clear)

  1. Internet Darwinism by Nytewynd · · Score: 5, Interesting

    Anyone that falls for a phishing scam is too dumb to have their money anyway.

    At work, the security guys put together a phishing test. It looked exactly like our normal web page, they made is sound official by calling it some kind of Task Force, and then they emailed everyone a link to the password checker. It supposedly tested your password for security difficulty. You enter your ID and password and it would email you back the results.

    I sent the link to the security guys and got an "Attaboy". About half of the people ended up on the list of idiots that handed out their secure passwords over the internet.

    What goes through someone's head to enter passwords, bank account info, or personal identity information over the Internet? Don't people consider that the companies supposedly asking for this stuff should already have it. You bank is never going to ask you for your account number over email. They already have it!

    --
    /. ++
  2. This is getting really frustrating by AT-SkyWalker · · Score: 4, Interesting
    I've noticed that the number of messages I'm getting from Paypal and EBay are increasing dramatically.

    The problem is that they are pretty organized; you get one, then a follow up, then a final warning and so on. I can imagine that a majority of Mom and Pop type of users finally succumb to theses sort of attacks since they seem to be pretty well coherent !

  3. It can be quite difficult to resist by what+about · · Score: 4, Interesting

    I got an email stating that an order had been placed with my name and it was being delivered. Now, I have two choices:

    Do nothing and mybe allow some delivery of goods that I do not want (I am in UK, not US) and then have to return them or anyway cancel the payment (can be difficult if made by debit card) even if the crook got the numbers from looking at you at the supermarket.

    Have a look and see what it is about.

    The ECommerce site was a troian installer, it didn't work since I user Opera and have activeX disabled (Quite interesting all the tecnique they used)

    The point is that sometime it is quite difficult to know if something is legitimate or not and to me the only solution is to have less wizybang applications and more reliable ones.

    No activex, plain HTML browsing.

    Banks should NOT use funny addresses for part of their pages, just one clear address.

    No magic jumping between applications, no magic installing, make it painful to install something taken from the network !

  4. Re:The best defense... by tehshen · · Score: 4, Interesting
    One of the things e-mail clients could use from Gmail is how it handles said PayPal phishes. It lets through the message, but puts up a big red box saying:
    Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information.

    Which doesn't get in the way, and is startling enough to not be ignored. It makes most users think "Is this a real e-mail?", and if it's on some company network, they could ask for help and be told not to reply, then slowly learn not to by themselves.
    --
    Guy asked me for a quarter for a cup of coffee. So I bit him.