Slashdot Mirror


Honeynet Revealing Actual Phishing Techniques

edsonie writes "CircleID is reporting on the recent Honeynet Project, 'Know your Enemy: Phishing', aimed at discovering practical information on the practice of phishing. The study reports on a number of real world examples of phishing attacks and the typical activities performed by attackers during the full lifecycle of such incidents. The research also suggests that phishing attacks "are becoming more widespread and well organized". Also with regards to the speed of such attacks, "phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online with supporting spam messages to advertise the web site, and that this speed can make such attacks hard to track and prevent." Check out the full report here presenting actual techniques and tools used by phishers."

  1. Internet Darwinism by Nytewynd · · Score: 5, Interesting

    Anyone that falls for a phishing scam is too dumb to have their money anyway.

    At work, the security guys put together a phishing test. It looked exactly like our normal web page, they made it sound official by calling it some kind of Task Force, and then they emailed everyone a link to the password checker. It supposedly tested your password for security difficulty. You enter your ID and password and it would email you back the results.

    I sent the link to the security guys and got an "Attaboy". About half of the people ended up on the list of idiots that handed out their secure passwords over the internet.

    What goes through someone's head to enter passwords, bank account info, or personal identity information over the Internet? Don't people consider that the companies supposedly asking for this stuff should already have it? Your bank is never going to ask you for your account number over email. They already have it!

    --
    /. ++
  2. Re:Phishing! by Ralin_JM · · Score: 5, Funny

    And when a "Tom Sawyer" steals your identity, he "gets high on you".

  3. Re:Was I the only one... ? by AtariDatacenter · · Score: 5, Funny

    The write-up certainly seems more threatening in the alternative context...

    Also with regards to the speed of such attacks, "fisting attacks can occur very rapidly, with only limited elapsed time between the initial intrusion and a fisting..."

    Ouch!

  4. They're getting MUCH better at it by DG · · Score: 5, Insightful

    That might have been true once upon a time, but the phishers are getting VERY good at hiding their phish.

    I've seen a PayPal phish that was very sophisticated, doing things like putting bogus info into the URL bar, duplicating the layout of PayPal's site EXACTLY... it turned out to be very difficult to spot the smoking gun - I had to go look at the raw HTML to find it.

    Had I not been as paranoid as I am, it could have easily suckered me.

    Read the article, and follow some of the links to the actual attacks. It's amazing how good they are. (It's equally amazing that a web browser would do anything on link mouseover EXCEPT show the real target of a link!)

    Yes, there are plenty of stupid people - some people actually buy products from spam, or send money to Nigeria, etc etc. But the quality of the phishers is getting so good that it is hard to tell (in some cases) what is valid or what is not.

    DG

    --
    Want to learn about race cars? Read my Book
  5. Strange Phenomenon by Nytewynd · · Score: 5, Insightful

    One thing I don't understand about phishing is why it works so well. I imagine it is probably just the volume of the attacks, so they are more likely to catch an idiot than in the past.

    Consider:
    1. Most people wouldn't give out a credit card number randomly over the phone
    2. Most people wouldn't return junk mail that asked for a social security number
    3. Most people wouldn't walk up to a complete stranger on the street and hand them their ATM card and PIN

    I think computers mystify older people to the point where they lose their mind. I see it in general. My friend's father-in-law had a "computer question" for me about ebay. He wanted me to tell him how to determine the price he should sell something for. I tried to explain to him that his question had nothing to do with ebay itself, but he was so caught up in the process of selling on ebay, he was totally confused.

    Maybe phishing works so well because some people are so confused by computers in general, they simply assume that their bank would ask them for this information over email (from an account named bank_stealer@hotmail.com).

    Dealing with this kind of leads to the appropriate saying:

    You can give a man a fish and feed him for a day, or teach him to fish and feed him for the rest of his life.

    You can't get rid of phishing by blocking sites. You have to do it by educating people not to enter their info.

    --
    /. ++