Anti-Phishing Tools
mikeage writes "PCWorld has an article about an anti-phishing tool available that tries to detect fake websites." This is about Web Caller-ID already in use by eBay's custom user toolbar. The article also talks a bit about the incredible increase in phishing scams.
Already sluggish... (Score:5, Informative)
WholeSecurity's new software claims to identify fraudulent sites.
Paul Roberts, IDG News Service
Monday, August 16, 2004
A new software tool from WholeSecurity can spot fraudulent Web sites used in online cons known as "phishing" scams, according to a statement from the company.
The new product, called Web Caller-ID, can detect Web pages dressed up to look like legitimate e-commerce sites. WholeSecurity is marketing the technology to banks, credit card companies, and online retailers as a way to prevent unwitting customers from accessing false sites, to reduce fraud, and increase confidence in online commerce, the company says.
Phishing scams are online crimes that use unsolicited commercial, or "spam," e-mail to direct Internet users to Web sites controlled by thieves, but are designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, Social Security number, bank account, or credit card number, often under the guise of updating account information.
Already in Use
A version of Web Caller-ID is already being used by EBay in a feature called Account Guard, part of an EBay Web browser toolbar that users of the online auction site can download for free. The feature detects suspicious behavior, such as Web URLs that disguise the true Internet address of the site the user is visiting.
Companies can license a Web browser plug-in from WholeSecurity, which can then be distributed to customers directly or as part of a Web browser toolbar. Alternatively, companies can sign up for an e-mail processing service from WholeSecurity that harvests information on phishing scams from spam e-mail or customer complaint e-mail sent to the company, WholeSecurity says.
A Web browser-based management console lets administrators view suspected phisher sites, file complaints against spoof Web sites, or fine-tune the Web Caller-ID technology to adapt to their company's Web site.
On the Rise
Reports of phishing attacks have skyrocketed in recent months, according to the Anti-Phishing Working Group (APWG), a joint industry-law enforcement group.
There were 1422 new, unique attacks reported to the APWG in June, a 19 percent increase over the previous month. Since the beginning of 2004, reports of the attacks have grown by 52 percent a month on average, the group says.
A survey of 5000 adult Internet users by research firm Gartner released in April found that the number of phishing attacks spiked in the last year and that around 3 percent of those surveyed reported giving up personal financial or personal information after being drawn into a phishing scam. The results suggest that as many as 30 million adults have experienced a phishing attack and that 1.78 million adults could have fallen victim to the scams, Gartner says.
Taking the First Step
Web Caller-ID is not a cure-all for the phishing problem, but is a good first step to provide comprehensive protection from the scams, says Howard Schmidt, former White House cybersecurity advisor and the current chief information security officer at EBay.
"These are some of the things we need to do moving forward--getting technology built into the Web browsers themselves to do these things," he says.
However, better user education and stronger security from online retailers, banks, and financial institutions is also needed to protect technically unsophisticated consumers from complex online cons like phishing attacks, Schmidt says.
"You can't put somebody in a car and tell them to drive, but not tell them what the brake and gas pedal are for," he says.
Anti-phishing toolbar for Firefox (Score:5, Informative)
Spoofstick [corestreet.com] is a plugin for Firefox or Internet Explorer that can help identify 'phishy' sites while surfing.
It does take a little more real estate out of the browser's window, but it's a pretty useful tool when teaching people about the dangers of clicking links blindly.
Re:Educate (Score:2, Informative)
This would fool 98% of semi-experienced users.
AntiPhishing.org (Score:5, Informative)
Kaput? (Score:2, Informative)
List of IPs used by phishers (Score:5, Informative)
Some folks here may find it useful.
Cool phishing detection quiz (Score:5, Informative)
This [mailfrontier.com] nifty quiz can help you assess your phishing detection abilities. Recommended.
I just looked at the list (Score:3, Informative)
Re:phishers of men (Score:3, Informative)
Re:Cool phishing detection quiz (Score:3, Informative)
No one who wants your business is going to waggle their finger and scold you about taking action NOW or you will lose your account, the way most of the phishers do. Even if you haven't paid them -- they just suspend it and tell you to call them on the phone.
Re:Email Phishing (Score:5, Informative)
Who knows what they do with that information. Maybe nothing. Still, it's worth reporting, if only to show that the community is against these frauds.
Re:Educate (Score:4, Informative)
Re:phishers of men (Score:2, Informative)
I wouldn't go there even with 10 bouncer friends, but then again, I wouldn't fall for a Nigeria letter either.
Re:Email Phishing (Score:1, Informative)
First step (Score:5, Informative)
The first step is obviously to check the headers of an email you receive. Just see who sent you the damn thing (from Received headers). Was it actually an IP belonging to .paypal.com? This is easy to check using 'whois'. If the whois lookup shows the IP delivering you the email is from the company you expect (VISA, Paypal, Ebay) then it's fine.
OK, how about an example. Take this US Bank phishing scam, here are the Received headers:
The first Received hop is my ISP. The second Received hop is the only important one; it describes the connecting host. Note that the host here pretended to be usbank.com but that name is a sender-supplied ID; it's worthless. What you're looking for is the IP address between square brackets, which cannot be forged. Now just check 211.209.208.87 using whois
See, easy. This email came from Korea, not US Bank. It's a scam!
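The header check described in the comment above, as an added example that is not part of the original post. The sample headers are constructed (the ones from the post are not on the page); `mx.isp.example`, `mailbox.isp.example` and `192.0.2.10` are placeholders for the reader's own ISP, and the regex assumes Postfix/Sendmail-style Received lines. It goes one step further than the comment by stopping at the first outside host, so Received lines the sender added below that point are never read.

```python
import email
import re

# Postfix/Sendmail-style hop: "from HELO (rdns [IP]) by RECEIVER ..."
HOP = re.compile(
    r"from\s+(\S+)\s+\([^\[\]()]*\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

# Placeholder values for the reader's own ISP (assumptions, not from the page).
TRUSTED_RECEIVERS = {"mailbox.isp.example", "mx.isp.example"}
TRUSTED_IPS = {"192.0.2.10"}

# Constructed sample message; newest Received line is on top. The third
# Received line is one the sender made up before handing the mail over.
RAW = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mailbox.isp.example with ESMTP id A1; Mon, 16 Aug 2004 10:00:02 -0400
Received: from usbank.com (unknown [211.209.208.87])
\tby mx.isp.example with SMTP id B2; Mon, 16 Aug 2004 10:00:01 -0400
Received: from internal.usbank.com (internal [10.1.1.1])
\tby usbank.com with ESMTP id C3; Mon, 16 Aug 2004 09:59:00 -0400
From: "US Bank" <service@usbank.com>
Subject: Account verification

body
"""

def connecting_host(raw, trusted_ips=TRUSTED_IPS, receivers=TRUSTED_RECEIVERS):
    """Return (helo_name, ip) of the host that handed the message to our
    own mail servers, or None if no hop written by those servers is found."""
    msg = email.message_from_string(raw)
    for value in msg.get_all("Received", []):    # newest hop first
        m = HOP.search(value)
        if not m:
            return None          # unparseable hop: stop rather than guess
        helo, ip, receiver = m.groups()
        if receiver.lower() not in receivers:
            return None          # line was not written by our servers
        if ip not in trusted_ips:
            return helo, ip      # first outside host; lines below are untrusted
    return None

if __name__ == "__main__":
    helo, ip = connecting_host(RAW)
    # The HELO name is whatever the sender typed; the IP is what to look up.
    print(f"claimed name: {helo}  connecting IP: {ip}  -> run: whois {ip}")
```
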
Re:Here's a good way... (Score:3, Informative)
You're wrong. The phisher's site can immediately attempt logging into the legit site with the stolen credentials, then return an appropriate response to your browser. To you, at worst, it would look like typical net lag. This is so trivial to do that some phishers must already be doing this.
In fact, they could just proxy your connection to the original site. This way, you would actually be using the legitimate site -- you could not tell any difference. It's just that all traffic would be passing through the phisher's computers too, and they could grab whatever information they wanted.
Re:Email Phishing (Score:3, Informative)
Re:Email Phishing (Score:1, Informative)
Corporations have private armies (and strict rules for "business war" which is quite literally just that), US Senators represent corporations instead of geographical and political factions (states and parties), advertising agencies don't just advertise or create products but re-organise entire industries and the consumptions of entire continents...
And nobody talks about "commies" any more, the "consies" (conservatives) are the enemy of progress and free capitalism
And it's just a plain good story regardless of the dizzying visionaryism in it.
Re:Email Phishing (Score:2, Informative)
While the interface probably isn't what you're expecting, that is already possible. In the Account Settings dialog, select SMTP in the pane on the left. Then click the Advanced button on the right, and you can add multiple SMTP servers. Then for each account select Server Settings in the left pane, and click the Advanced button on the right. You can specify any of the configured SMTP servers there. You can also select from any of the configured SMTP servers during email composition, the from line should have a pull-down arrow next to it.