Slashdot Mirror


The Golden Hour of Phishing Attacks

Orome1 writes "Trusteer conducted research into the attack potency and time-to-infection of email phishing attacks. One of their findings was that 50 per cent of phishing victims' credentials are harvested by cyber criminals within the first 60 minutes of phishing emails being received. Given that a typical phishing campaign takes at least one hour to be identified by IT security vendors, which doesn't include the time required to take down the phishing Web site, they've dubbed the first 60 minutes of a phishing site's existence the critical 'golden hour.'"


  1. A solution presents itself by Wonko the Sane · · Score: 4, Funny

    Delay all email deliveries for one hour. What could possibly go wrong?

    1. Re:A solution presents itself by Chrisq · · Score: 3, Funny

      Delay all email deliveries for one hour. What could possibly go wrong?

      Then the discovery of the scam would be delayed by the hour and the "golden hour" would just be delayed.

      whoosh....

    2. Re:A solution presents itself by Anonymous Coward · · Score: 5, Insightful

      Mail which looks like it might be phishing email could be delivered to active users proven to be discriminating first,

      Congratulations! Gmail has determined that you are smart and competent. Your reward is more spam.

    3. Re:A solution presents itself by Anonymous Coward · · Score: 2, Informative

      I'm pretty well convinced that Google already does this with spam but they don't have a "report scam" button (unfortunately.)

      Gmail does, in fact, have a "report scam" button. Click the menu button to the right of "Reply" in any message to "Report phishing." Done.

    4. Re:A solution presents itself by alexmipego · · Score: 5, Insightful

      They do have a "Report Phishing" option though. Sad thing is that most people don't know what phishing is or even realize they've been victims of it until it's too late, at which point they rarely go back to Gmail to report the phishing attempt.

  2. Scrub the sites... by AdamThor · · Score: 4, Funny

    So what we need is a way to scrub those websites within the critical time period, yes? A cleaning program? A sort of "Golden Shower"?

    --
    -- "Oh. This guy again."

    1. Re:Scrub the sites... by gmuslera · · Score: 2

      Sometimes it is not phishing. If you i.e. block for an hour in the proxy the websites referred to by incoming mails, you will slow down those scams, but also the real sites (i.e. places where you register and have to confirm your email).

  3. Education is the best medicine by digitaldc · · Score: 2

    Educating people about computer scams seems to be the best way to combat this problem. Otherwise, we can just provide an IQ test as part of the Windows boot process.

    --
    He who knows best knows how little he knows. - Thomas Jefferson

    1. Re:Education is the best medicine by panda · · Score: 2

      Quoth Bruce Schneier:

      There's nothing we can do to educate users, and anyone who has met an actual user knows that... Rather than focus on what can we do to educate users, we need to focus on building security that doesn't require educated users.

      Reference: http://www.schneier.com/news-055.html

      --
      Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.

  4. In other news... by Amorymeltzer · · Score: 2

    The 15 minutes it takes the cops to respond to a robbery have been dubbed "The golden quarter-hour of robberies." I would expect the majority of successes to occur before security mechanisms have started, what with them being security mechanisms and all.

    --
    I live in constant fear of the Coming of the Red Spiders.

  5. Simple by PPH · · Score: 4, Funny

    I never answer e-mail within an hour of receipt. I'm too busy trying to make first post.

    --
    Have gnu, will travel.

  6. NEW DISCOVERY! by gparent · · Score: 2

    NEW DISCOVERY! It can take up to several hours to understand a joke on slashdot! A solution presents itself, th-....