Security

Submission + - What are we doing about phishing?

JayGuerette writes: I regularly receive phishing emails for about 20 banks and other online services. I'm happy to forward them to the proper domain holder. If it's a new one I haven't seen before, it may take some time to figure out where to forward the email. 'abuse@' and 'spoof@' are most common, some people use 'security@' or more obscure addresses. Some people want it forwarded, some people want an attachment, some people expect you to copy & paste the email into a web form.

Most places fail to understand that I'm doing them a favor. I am not one of their customers, and am under only a slight moral obligation to notify them. If they make it too difficult, then I will just delete the email. For example: Halifax Bank expects you to prepend the subject line with 'Report'. Perhaps they think modifying the subject line is not a big deal; but spending more than 5 seconds on an email IS a big deal, when simply deleting it and moving on takes 0 seconds. Copy and paste to a web form? No way in hell.

I always wonder what the recipient is going to do. Companies like Amazon, PayPal, eBay, Chase, Bank of America, and Capital One most likely have a well-practiced response. Today, I received an email from "ePassporte Cardholder Services" informing me that an email I had forwarded to them was a phishing email and that I shouldn't respond to such emails. I had forwarded the phishing email to them 3 months ago. I suspect this means, for at least the past 3 months, someone has been successfully gaining access to ePassporte accounts.

Phishing losses are estimated at over $3.2 billion in 2007. Large corporations theoretically have the legal expertise and funding to shut down the phishing sites; are they really doing anything about it? Do smaller companies typically have the resources to deal with this issue?

Is your company prepared to handle a phishing attack against your customers? The site www.antiphishing.org seems like a great resource. Does anyone have "real world" experience they can share?
