Slashdot Mirror


Phishing Steals Spotlight at MIT Conference

Bob Brown writes "Companies are coping with spam, but phishing is another matter altogether, according to researchers at the annual MIT Spam Conference this week. From the article: 'The response rate for phishing e-mails is much higher than for spam, says Paul Judge, CTO of messaging security maker CipherTrust. So while spammers have to send more and more unsolicited e-mail these days, as anti-spam filters get better at identifying and blocking spam, phishing attacks are well enough disguised that a higher percentage get through such filters, and more recipients click on them, he says.'"

2 of 74 comments

  1. Help stop them, by reporting them by WyrdOne · Score: 5, Informative

    http://reportphish.org/

    Also, for those of you who use Gmail, there is a "Report Phishing" option under "More Options".

  2. Companies could do more to prevent phishing by lorcha · Score: 5, Insightful
    You have to admit that the companies themselves are making it as difficult as possible to spot phishing. For instance, look at the Citibank valid list of URLs:

    1. web.da-us.citibank.com
    2. www.citi.com
    3. www.citibank.com
    4. www.myciti.com
    5. www.citibankonline.com
    6. www.citibank.com/us/cards
    7. www.accountonline.com
    8. www.citicards.com
    9. www.thankyouredemptions.com
    10. www.studentloan.com
    11. studentloan.citibank.com
    12. citibusinessonline.di-us.citibank.com
    13. citibusinessonline.com
    14. citibusiness.com
    15. www.citimortgage.com
    16. www2.citimortgage.com
    17. www.smithbarney.com
    18. www.benefitaccess.com

    Well, excuse me if I can't keep all your fscking domains straight, Citibank! How am I supposed to spot a phishing attack when you have 18 URLs on your list of valid ones? I think you could do a lot to help folks spot phishing emails if you would restrict yourself to your citibank.com domain. Then folks could remember, "You want citibank? Go to citibank.com."

    --
    "Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent