Netcraft: 5,600 Phishing Sites Since December 181
miller60 writes "Netcraft has tracked and blocked 5,600 known phishing sites since the December launch of its anti-phishing toolbar, which it has now updated with a risk rating feature that warns users about new sites with phishy characteristics, based on trends observed in known phishing scams. It has also started a service that makes the full list available of phishing sites as a continuously updated feed for service providers and companies to use in mail servers and web proxies." One bad sign: the phishing attacks I see are getting (on average) more professional in their phrasing -- it used to be easy to toss out the trawlers based on their spelling alone.
Submit a new site, get a gift? (Score:5, Interesting)
They ask me to reply to their email address with my full name, street address so that they can send me a "gift". I don't know what it is (haven't received it yet), but thought it ironic that they were soliciting information in a phishing-style.
I sent them the address so they can send me a gift (t-shirt? who knows) since I knew I had contacted THEM about the particular phishing URL, and the info they requested could be gleaned by someone who wanted to find out, but found it humorous nonetheless.
Anybody know what is this "reward" they mail you? I'm curious.
Comment removed (Score:3, Interesting)
Neat idea. (Score:4, Interesting)
Re:Live Bait (Score:2, Interesting)
"But when the PTO could enforce trademark IP to protect the consumer, they do little or nothing."
This is because it's left to the trademark owners, not the PTO.
"How come Citigroup isn't spending billions to protect its trademark, which is used to con thousands of people a day into phishing scams?"
Should *you* be held liable if someone uses *your* identity to scam others? If someone nabs your SIN and starts causing mischief, should you have to come up with thousands of dollars to make things right again?
So what is your post advocating? Should the copyright holders be proactive, or the PTO?
What we need are a new set of laws... (Score:3, Interesting)
The obvious responce will be more laws. Laws that will take away the freedom of the non-criminal. The RIAA is forcing ISP's to hand over IPA's. Commercial websites track customers. How long until the web requires authentication just to do anything?
I hope the government really hurts the first people it catches. But until the laws change, I doubt it will be that bad. If you could rip off 1,000 people for $1,000,000, would you? What if it meant 5 years in prision, and you could hide the money so it was there when you were released?
How the Netcraft toolbar works. (Score:5, Interesting)
Anyway, how the blocker works is pretty nifty, the toolbar creates an MD5 hash of each the url you visit, then compares it to a file that the toolbar auto-updates with the MD5 hashes of the bad urls. To figure out where info is coming from, take a look at "blocked.log" in the Toolbar directory, you'll see the lines that update "blocklist.dat". The only problem I saw is that www.badsite.com/bleh.html might be in there, but www.badsite.com itself might not be, even if both are really the same page.
I still think the best anti-phishing software would be a program that just notices when you are doing something really boneheaded. It would do things like shout "Hey, that's your ebay username and password and this isn't ebay! Are you sure you want to do this?" and "This page isn't posting to an encrypted page and that is a credit card number! Are you sure about this?". Just my little idea, I'm sure there are plenty of problems with it.
The biggest problem... (Score:4, Interesting)
how about an OSS/free version of this? (Score:2, Interesting)
or did netcraft patent it?
I personally would trust a OPEN list that is under the eyes of many than a closed and encrypted secret list that can have sites or ip addresses secretly added to serve an agenda.