Anti-Phishing Toolbar Available. How to Avoid Bank and Ebay Phishing Scams
Grok Headline matches for Anti-Phishing Toolbar Available. How to Avoid Bank and Ebay Phishing Scams
Netcraft Debuts Anti-Phishing Toolbar
For IE
Netcraft Debuts Anti-Phishing Toolbar
For IE
12/31/2004 06:44 PMTechWeb Dec 31 2004 10:23PM GMT
Netcraft Releases Anti-Phishing Toolbar
Netcraft Releases Anti-Phishing Toolbar
12/30/2004 11:36 AMNetcraft launches free anti-phishing
toolbar
Netcraft launches free anti-phishing
toolbar
01/04/2005 06:46 AMComputer Weekly Jan 4 2005 11:16AM GMT
Netcraft: Netcraft Anti-Phishing Toolbar
Available for Download
Netcraft: Netcraft Anti-Phishing Toolbar
Available for Download
12/31/2004 12:43 PMNetcraft: Netcraft Anti-Phishing Toolbar Available for
Download
news.netcraft.com/archives/2004/12/28/netcraft_antiphishing
_toolbar_available_for_download.html
track this
site | 3 links
Database of Phishing Scams Available
Database of Phishing Scams Available
04/24/2004 01:00 PMPhishing scams are when you get e-mails from alleged legitimate
institutions (banks, eBay, whatever) saying that your account has been
compromised or you've been charged a zillion dollars or whatever....
Be Aware of Phishing Scams!
Be Aware of Phishing Scams!
07/04/2004 06:57 PMWebDevInfo Jul 4 2004 11:27PM GMT
Pharming Out-Scams Phishing
Pharming Out-Scams Phishing
03/14/2005 05:21 PMA fast-spreading online swindle redirects web users to phony sites
where criminals can capture passwords and other data. Unlike phishing,
which targets one user at a time, pharming nabs multiple victims at
once. By Michelle Delio.
Phishing Scams Gets Savvier
Phishing Scams Gets Savvier
05/02/2004 04:48 PMCyber-criminals and scam artists are taking phishing e-mail scams to
the next level.
Phishing scams luring more people
Phishing scams luring more people
04/19/2004 07:07 PMglobetechnology.com Apr 19 2004 10:20PM GMT
Phishing scams cost UK banks £1m+
Phishing scams cost UK banks £1m+
04/26/2004 11:39 AMBrute force and ignorance
Internet Users and Phishing Scams
Internet Users and Phishing Scams
04/02/2005 04:12 PMTechnology News Daily Apr 2 2005 7:49PM GMT
Phishing Scams Amazingly Effective
Phishing Scams Amazingly Effective
07/28/2004 04:53 PMAn anti-spam company showed a bunch of emails to people to see if they
could spot the phishing scam emails from the legitimate emails and
discovered that an awful lot of people are easily fooled.
28% of the time, people
thought scam emails were legit. No wonder they're so popular
these days. The study also turned up that there are problems with
false negatives as well. A large number of perfectly legitimate
emails are now being dismissed as fraudulent by users who are too
weary of phishing scams. This, obviously, can be quite troublesome
for companies who need a legitimate way to contact their customers.
The answer seems pretty simple: don't put URLs in emails any more. If
you need someone to check their account, tell them to go to your
webpage and login, and have a clear splash page that details the
issue. Then, convince people not to click on emails in these
messages.
Phishing Scams Increase 1,200% in 6
Months
Phishing Scams Increase 1,200% in 6
Months
04/22/2004 06:43 PMInternet.com Apr 22 2004 10:19PM GMT
New IE hole could perfect phishing scams
New IE hole could perfect phishing scams
12/19/2004 03:47 PMA newly reported security problem in Microsoft's Internet Explorer
(IE) Web browser allows attackers to create a fake Web site that looks
exactly like a genuine site.
RE: eBay Account Phishing with eBay
Redirect - Ebay fixed this + related XSS
hole
RE: eBay Account Phishing with eBay
Redirect - Ebay fixed this + related XSS
hole
03/31/2005 07:14 PMRager, Anton (Anton) (Mar 31 2005)
Reports of phishing scams skyrocket in
April
Reports of phishing scams skyrocket in
April
05/20/2004 05:42 AMComputer Weekly May 20 2004 10:15AM GMT
Phishing Scams, Vioxx Top Spam List
Phishing Scams, Vioxx Top Spam List
12/29/2004 04:32 PMFor the second year in a row, America Online has released a "Top 10"
list of most common junk e-mail subject lines. Topping the list:
prescription medication offers for Vioxx and "phishing," or identity
theft scams. Falling out of favor this year were Viagra, teens and
Oprah.
Phishing: Real scams, fake sites
Phishing: Real scams, fake sites
07/21/2004 02:32 PMComputer Buyer Jul 21 2004 6:29PM GMT
Man arrested as police trawl net for
phishing scams
Man arrested as police trawl net for
phishing scams
04/30/2004 01:53 AMGuardian Unlimited Apr 30 2004 6:22AM GMT
Phishing scams reel in users with fake
e-mails
Phishing scams reel in users with fake
e-mails
06/01/2004 07:19 AMChicago Tribune Jun 1 2004 11:38AM GMT
Phishing scams rival virus attacks in
email tally
Phishing scams rival virus attacks in
email tally
08/11/2004 06:43 AMComputer Shopper Aug 11 2004 11:34AM GMT
Netcraft Toolbar Targets Phishing Sites
Netcraft Toolbar Targets Phishing Sites
01/05/2005 11:12 AMCatch a phish, win a coffee mug with the organization's new
anti-phishing toolbar for Internet Explorer.
New Netcraft Toolbar Blocks Phishing,
Analyzes Web Sites
New Netcraft Toolbar Blocks Phishing,
Analyzes Web Sites
12/30/2004 04:52 PMeWeek Dec 30 2004 8:05PM GMT
PhishGuard Launches Free Service to
Combat Internet "Phishing" and
"Spoofing" Scams
PhishGuard Launches Free Service to
Combat Internet "Phishing" and
"Spoofing" Scams
09/24/2004 03:13 AMPhishGuard Corporation today launched their FREE anti-phishing service
to detect and disable Internet "phishing" and "spoofing" attacks.
PhishGuard utilizes the collective observations of Internet users plus
a very rapid submission and distribution system to short-circuit new
scams. [PRWEB Sep 24, 2004]
Review: New Netcraft Toolbar Blocks
Phishing, Analyzes Web Sites
Review: New Netcraft Toolbar Blocks
Phishing, Analyzes Web Sites
01/02/2005 12:41 AMeWeek Jan 2 2005 3:13AM GMT
Free Report Helps Father's Day Shoppers
Avoid eBay Scams
Free Report Helps Father's Day Shoppers
Avoid eBay Scams
06/05/2005 11:37 PMTo help eBay shoppers during the Father's Day buying season, eBay
business expert Terry Gibbs has put together a free report to help
people avoid eBay scams. [PRWEB Jun 3, 2005]
eBay Goes Phishing
eBay Goes Phishing
01/03/2005 12:35 PMThe popular online auction site rolls out a new approach in tackling
account hackers: cut bait.
eBay aims to thwart phishing
eBay aims to thwart phishing
01/06/2005 07:30 PMMy Messages heading for the UK
Incredible New Ebay Phishing Mail
Incredible New Ebay Phishing Mail
06/24/2005 04:01 PM
This is a bit off
topic, but it's a fascinating study of what happens when Phishers get
a book on Javascript.
First off, I don't specifically understand what's going on here.
Ping me if you'd like to get the link and do some forensics.
Essentially, you go to the typical locked-down Apache site with lots
of fake Paypal material. It asks you to click another link and then
you get some sort of strange mini-browser that causes your main
browser to auto-supply your email and password. I stopped the script
before it could do any harm, but clearly they are piggy-backing on a
real site here.
The header of the mini-browser appears above. Click it to see the
full screen. I wouldn't normally post these but this one was so unique
and I haven't had my coffee yet. I got so freaked that I went and
changed my Paypal password. I changed it to 1234.
UPDATE - Slashdot picked up the trail as did Bachelor
Ben. Thanks, faceless horde!
Anti-Phishing Tools
Anti-Phishing Tools
08/17/2004 11:26 AMAnti-phishing group gets help from
Microsoft
Anti-phishing group gets help from
Microsoft
07/21/2004 11:28 AMThe software giant offers goods in kind to organization that
investigates Internet crime.
Other News: Anti-Phishing Tech
Other News: Anti-Phishing Tech
08/17/2004 11:27 AMCompanies are starting to market anti-phishing software, which looks
for suspicious URLs.
Other News: Anti-Phishing Group
Other News: Anti-Phishing Group
04/22/2004 09:19 AMThe Anti-Phishing Working Group aims to help combat this rampant scam
strategy.
Will A Reactive Anti-Phishing System
Work?
Will A Reactive Anti-Phishing System
Work?
09/14/2004 05:25 AMRealizing that phishing scams are a big deal these days, Symantec is
now launching
their
own anti-phishing system to help combat the problem. Of course,
since phishing relies more on social engineering to trick people into
revealing their bank account, credit card and/or other private info,
it's hard to see how a company could launch an effective anti-phishing
service. Symantec's works the same way many early anti-spam systems
worked: by creating a bunch of fake accounts, monitoring the results
and using them to build a database of phishing sites to block. It
certainly could help, but it might depend on how quickly it works.
Unlike the situation with spam, where it's not quite as awful if a few
messages get through, a phishing site that still gets a bunch of
victims is certainly problematic for those people. While it's unclear
if there's any better solution, a reactive solution to phishing may
just be too little too late.
Anti-Phishing Working Group Meeting
Anti-Phishing Working Group Meeting
04/09/2004 05:30 PM
I was out all day yesterday to attend the Anti-Phishing
Working Group meeting at Wells Fargo World HQ in San
Francisco. About one
hundred people from wide assortment of backgrounds were there, some
from law enforcement
agencies like the Secret Service and FBI, lawyers, prosecutors,
financial services,
e-tailers, solutions vendors, and security experts. APWG did
an impressive job
of pulling them altogether to focus on the phishing epidemic which
continues to grow.
While everyone wanted to pool resources to combat phishing, I
sensed a common desire
to protect details about ongoing APWG activities from the public
for various reasons.
Since I am not sure what APWG's policy is about blogging, I will
limit this post to
my thoughts and observations.
Toolbars
Warm receptions received by Account
Guard feature of eBay
Toolbar and Dan Boneh's SpoofGuard means
more toolbars in the near future. I predict we'll see about
ten security-related
toolbars released before this year is over. Since highly
integrated client-side
software like browser toolbars are one of my specialties, all this
is good news for
me but I couldn't help worrying about the oncoming glut of
toolbars, sidebars, and
deskbars causing confusion among users.
Microsoft
Microsoft needs to do more to combat phishing. Actually, they
need to do 'less'
by disabling or limiting use of hyperlinks and javascript in
Outlook and Hotmail.
Since phishing is causing real financial damages to companies and
individuals, Microsoft
created an arguably very large liability exposure by introducing
DHTML e-mail in Outlook.
My opinion is that hyperlinks in e-mail contents should require the
user to approve
each navigation after viewing a dialog that clearly indicate the
link destination.
This constraint can be eased depending on the age of the hyperlinks
because destination
phishing websites are more likely to be takendown or abandoned over
time. I
also think javascript should be disabled completely in e-mail
contents to protect
against new breed of javascript obfuscated webpages.
Hunters vs. Butchers
Law enforcement agencies are IMHO still in the hunter mode, meaning
hackers they find
and prosecute are more or less trophies for assuring the
public. Seen as services,
they are open to denial of service attacks by organized hackers
arming script-kiddies
to overload or slowdown cybercops. They need to think about
ways to shift-gear
from hunter to butchers mode now, if not just against
phishers, then for
homeland security.
Takedown.com
Most difficult part of fighting against phishing is taking down
phishing websites.
Differences and confusino in law and legal jurisdictions,
cross-language communication
issues, availability, authority verification problems, and other
issues make taking
down a fraud site a skill or an art of social networking,
ingenuity, and patience
which most companies do not have.
Solutions suggested so far like contacts and standards are useless
IMHO. A more
effective solution is to encourage entrepreneurs to startup
federated or franchised
businesses to offer takedown services around globe and around
the clock with the
local touch. Having middlemen like them solves most of
the issues mentioned
above.
Spoofback
Considering the difficulty with takedown, another options is to
'spoof back' by posting
phony information to the phishing websites in order to spoil the
goods by diluting
it with bad info. Instead of receiving 3,000 good responses,
phishers will receive
300,000 responses most of which will be bad. Another
variation is to post user
info leading to honeypots in order to phish the phishers. I
am not sure about
the legal issues, but hackback risk is no worse than the takedown
IMHO.
APWG Future Threat Models SIG
I have volunteered to participate in the Future Threat Models SIG
at APWG because
I am both highly creative and insanely paranoid which means I can
see blindspots where
none exists. :-) I probably won't be posting about
the activities
there but I will post my thoughts and publicize imminent threats
like the XSS
Network threat I posted about before.
Symantec Rolls Out Anti-Phishing Service
Symantec Rolls Out Anti-Phishing Service
09/13/2004 02:30 PMThe company unveils a new offering intended to help financial
institutions fight phishing attacks and online fraud.
Microsoft to fund anti-phishing group
Microsoft to fund anti-phishing group
07/22/2004 06:09 AMZDNet UK Jul 22 2004 10:31AM GMT
Thunderbird in line for anti-phishing
safeguards
Thunderbird in line for anti-phishing
safeguards
02/01/2005 08:53 PMA group of developers working on Thunderbird have come up with a new
anti-phishing feature. Can improved security safeguards aid in
Thunderbird adoption at the expense of other clients?
Netcraft Unveils Anti-Phishing Services
Netcraft Unveils Anti-Phishing Services
01/05/2005 04:44 PMtheWHIR Jan 5 2005 8:12PM GMT
Grok Description matches for Anti-Phishing Toolbar Available. How to Avoid Bank and Ebay Phishing Scams
GrokA matches for Anti-Phishing Toolbar Available. How to Avoid Bank and Ebay Phishing Scams
Anti-Phishing Toolbar Available. How to Avoid Bank and Ebay Phishing Scams
