Netcraft: 5,600 Phishing Sites Since December
miller60 writes "Netcraft has tracked and blocked 5,600 known phishing sites since the December launch of its anti-phishing toolbar, which it has now updated with a risk rating feature that warns users about new sites with phishy characteristics, based on trends observed in known phishing scams. It has also started a service that makes the full list available of phishing sites as a continuously updated feed for service providers and companies to use in mail servers and web proxies." One bad sign: the phishing attacks I see are getting (on average) more professional in their phrasing -- it used to be easy to toss out the trawlers based on their spelling alone.
Spelling (Score:5, Funny)
One could say the same for the /. trolls.
Re:Spelling (Score:2, Funny)
Re:Spelling (Score:3, Funny)
Submit a new site, get a gift? (Score:5, Interesting)
They ask me to reply to their email address with my full name, street address so that they can send me a "gift". I don't know what it is (haven't received it yet), but thought it ironic that they were soliciting information in a phishing-style.
I sent them the address so they can send me a gift (t-shirt? who knows) since I knew I had contacted THEM about the particular phishing URL, and the info they requested could be gleaned by someone who wanted to find out, but found it humorous nonetheless.
Anybody know what is this "reward" they mail you? I'm curious.
Re:Submit a new site, get a gift? (Score:3, Funny)
Re:Submit a new site, get a gift? (Score:2)
I play mine at LAN parties.
Re:Submit a new site, get a gift? (Score:5, Informative)
Well according to this: http://news.earthweb.com/security/article.php/345
Re:Submit a new site, get a gift? (Score:5, Funny)
Or they can collect on their winnings immediately by clicking on this link, with their account name and password to paypal ...
Re:Submit a new site, get a gift? (Score:2)
Wouldn't you like to know? It was a lovely little phish.
And it went wherever I did go.
Re:Submit a new site, get a gift? (Score:4, Insightful)
Last one of these I encountered (an eBay phishing scheme) was hosted on Comcast's network. To Comcast's credit, the site was inaccessible within 2 hours of my reporting it, and I got a very prompt response by email to my report.
Re:Submit a new site, get a gift? (Score:2, Funny)
Re:Submit a new site, get a gift? (Score:2)
Re:Submit a new site, get a gift? (Score:1)
Ok, Bad Joke. Back to work/.
Re:Submit a new site, get a gift? (Score:2, Insightful)
One Day (Score:3, Insightful)
no wait.... only those gullables will find themselves in trouble.
Phishing is only a problem when you aren't paying attention.
Re:One Day (Score:2)
And yet I fell for one 3 weeks ago. I feel like such a loser.
It was the timing. I had just been on my online checking/banking site, and got an email. I thought, huh, I was just there. Didn't even think about it. I figured I needed to get it fixed so I could do the rest of my transactions that day.
If I fell for it, grandpa and grandma are definitely going to fall for it.
$3600 later....
When is the profitability not there? (Score:2)
It's the same principle as spamming. It costs next to nothing to send out the e-mail and you need only a small handful of people to fall for the scam in order to make the whole endeavour worthwhile.
Hell, it's even better than spamming; at least spammers have some sort of product to sell. Scammers don't have to provide anything. They just empty out your bank account for pure profit.
Live Bait (Score:2, Insightful)
Re:Live Bait (Score:2)
Re:Live Bait (Score:2)
Bingo - I think you got it. The chargeback hits the merchant. The credit card company really pays nothing anyway AFAIK.
IMO, it's perfect. The purchase occurs, and the merchant pays the piper.
Imagine this economy for a second now:
1) Phishing scam begins
2) Customer CC#'s are stolen
3) Computer gear is purchased with stolen CC#
4) Phisher
Re:Live Bait (Score:1, Informative)
Re: (Score:2)
Re:Live Bait (Score:2)
Re:Live Bait (Score:2, Interesting)
"But when the PTO could enforce trademark IP to protect the consumer, they do little or nothing."
This is because it's left to the trademark owners, not the PTO.
"How come Citigroup isn't spending billions to protect its trademark, which is used to con thousands of people a day into phishing scams?"
Should *you* be held liable if someone uses *your* identity to scam others? If someone nabs your SIN and starts causing mischief, should yo
Re:Live Bait (Score:2)
Then maybe you can spew your disorganized posts, naive questions, and obnoxious bitching, Anonymous clueless Coward.
Re:Live Bait (Score:4, Insightful)
First off, phishers are _hard to catch and prosecute_. They're often located in other countries and/or using compromised resources such as zombified home machines to serve their pages. They're committing fraud, they're not going to stop because Citigroup sends them a cease and desist. That's like saying the real crime of the war on drugs is that the IRS hasn't dragged in all of these drug kingpins for not paying taxes.
Secondly, who the hell is subsidizing anything? The Patent Office takes in more in user fees than it spends - It's a yearly budget battle for them to keep more of what they bring in, not to get more money from Congress. They've been totally user fee supported for at least 12 years now.
Re:Live Bait (Score:2)
Re:Live Bait (Score:2)
Re:Live Bait (Score:1)
Re:Live Bait (Score:2)
40% Insightful
30% Overrated
20% Offtopic
What is "Offtopic" about pointing out that phishing depends on trademark exploits, which the PTO isn't addressing? And that "Overrated" mod is really just the most cowardly TrollMod of all: anonymous, unsupported, but negative.
Re:Live Bait (Score:2)
Re:Live Bait (Score:2)
Re:Live Bait (Score:2)
Gasp! (Score:1, Redundant)
Re:Gasp! (Score:2)
Re:Gasp! (Score:2)
Maybe he has a Nigerian Express credit card and phishing scams on Nigerian Express credit cards work that way.
In other words, he gets an e-mail saying that he needs to updat
Their own fault, too! (Score:2)
Often, the sites even have Jen-You-Whine graphics from the banks/institutions being scammed, because the real site owners don't even take the precaution of checking the browser referrer header. If you request (say) a Citibank.com graphic and the referring page isn't one that belongs to Citibank, then it should come up with a graphic that includes "NOT A LEGITIMATE CITIBANK SITE"
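The referrer check suggested in the comment above, sketched as an added example (not code from the thread or from any bank). The image file names and the `OWN_DOMAINS` list are assumptions; the check only covers pages that hotlink the image from the real server, and a missing header is treated as "cannot tell".

```python
from urllib.parse import urlsplit

OWN_DOMAINS = ("citibank.com",)        # domain named in the comment
REAL_LOGO = "logo.gif"                 # hypothetical file names
WARNING_LOGO = "not-legitimate.gif"

def host_is_ours(host):
    """True only for an owned domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    # Compare on a label boundary: a plain substring or endswith() test
    # would accept "citibank.com.evil.example" or "evilcitibank.com".
    return any(host == d or host.endswith("." + d) for d in OWN_DOMAINS)

def choose_image(referer):
    """Pick the image to serve for a logo request, given its Referer header."""
    if not referer:
        # Header absent (privacy settings, direct load): nothing to judge by.
        return REAL_LOGO
    try:
        parts = urlsplit(referer)
        host = parts.hostname
    except ValueError:
        return WARNING_LOGO
    if parts.scheme not in ("http", "https") or not host:
        return WARNING_LOGO
    return REAL_LOGO if host_is_ours(host) else WARNING_LOGO
```

Requests that get the warning image are also worth logging: the off-site Referer value is the address of the page embedding the graphic.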
Comment removed (Score:3, Interesting)
Re:firefox toolbar? (Score:3, Informative)
1. Encrypted URLS turn the address bar to a gold color to remind you that you're on an encrypted site. And, more importantly,
2. In the lower right hand corner of the screen, Firefox tells you the name of the site to which the digital signature certificate is assigned.
Re:firefox toolbar? (Score:4, Insightful)
Re: (Score:2)
Re:firefox toolbar? (Score:2)
Re: (Score:2)
"Continuously encrypted list"? (Score:2)
Is that list being provided to law enforcement?
Re:"Continuously encrypted list"? (Score:1, Insightful)
Neat idea. (Score:4, Interesting)
New sites: ouch! (Score:5, Insightful)
But man, wouldn't it suck to open a new site only to have Netcraft scare off all your customers?
I wonder what "new" means. How long do phishing sites stay around? And how badly would this kill the buzz of the initial marketing effort?
Time isn't the only tool they have in the toolbar, so hopefully novelty as the only warning sign won't ring any alarm bells.
Eventually, phishers will work around this by creating sites and only activating the phishing attack after the requisite time period has elapsed. But that's work, which weeds out the laziest phishers. Watching the escalation of tactics is going to be fascinating.
Re:New sites: ouch! (Score:2)
After all, technical solutions have worked SOOOO well against Spam, and email worms.
Re: (Score:2)
Re:New sites: ouch! (Score:2)
Re: (Score:2)
Re:New sites: ouch! (Score:2)
I get zero false positives reaching the definite spam bin, 2 or 3 a week from mailing lists get into suspect. I see maybe one a week which hasn't been flagged as suspect and is sitting in my inbox.
There's only 5 or 6 a day in the suspect folder to deal with, and since it's a Bayesian filter they all help to keep i
Re:New sites: ouch! (Score:2)
Some do, some don't. I find that most of my spam is now caught by various RBL's like Razor/Pyzor, and DCC. Plus a few of the new tests added in SpamAssassin [apache.org] 3.0. Bayesian scoring seems to do very little now, the spammers have found ways to obscure words so that they don't attract attention. But SA (even before 3.0) has tests for those tricks as well. Plus Clam AV [clamav.net] appears to be adding new signatures
Re:New sites: ouch! (Score:2)
No, really.
Re:New sites: ouch! (Score:2)
How to catch them... (Score:2)
Force the people who register URL's to have proof of who is buying the domain. Force them to have a credit card to buy, and force them to give a phone number and address that must be verified prior to making the URL go live. Banks do this, they check your social security number, they check your home address. Why ca
Re: (Score:2)
Re:New sites: ouch! (Score:2)
But it would suck if my new eYarn.com (buy all your yarn online!) site had its initial Knitting Digest ad campaign, but grandma got scared off just because the site was new. (It turns out eyarn.com is actually taken. I h
Phishers Getting Good (Score:2)
I'm not admiring them. I'm not trying to understand them. I just look at it like "what an utter waste of a mind."
Re:Phishers Getting Good (Score:3, Informative)
Hint: Enable "full headers" on your e-mail. That way you won't spend a second before hitting the delete button.
Re:Phishers Getting Good (Score:2)
And I don't just delete the message. Phishing Scams like these I actually forward on to Pay Pal and Ebay's fraud units. It takes a few extra minutes, but it helps me sleep better at night.
Re:Phishers Getting Good (Score:2)
They sure don't make it easy... I tried forwarding one *twice* today to spoof.ebay.com and they rejected it each time because it wasn't done just the way they wanted. If I can figure out how to tie the pretty bow they want around the forwarded message, I might even succeed in giving them the information next time!
- Leo
ebay spoofs (Score:3, Informative)
I got a newer one just a short while ago that said:
Dear eBay Community Member,
The bid that you entered for the item ( 5569407583[original link removed] ) has been cancelled. You can view the reason provided for the cancellation by selecting the link bellow[sic].
http://cgi.ebay.com/ws/eBayISAPI.dll?Item=55694075 83&Bi [ebay.com]
Other ways to filter phishers out... (Score:3, Insightful)
I've always detected the trawlers by the fact that they're asking me to give them information via email.
Slashdot Announcement (Score:5, Funny)
We regret to inform you that our subscription database was lost in a major crash. In order to continue your advertising-free dupe ridden news service, we require you to verify your account details. Please have your credit card handy and head on over to Slashdot Subscription Verification [slashd0t.org] to verify your account. Once again, we apologize for the mis-hap.
Sincerely, teh Taco.
Re:Slashdot Announcement (Score:1)
Re:Slashdot Announcement (Score:2, Funny)
The site you linked doesn't work. For the record, my credit card details are:
Name: Mr John Citizen
Visa Card number: 4940 5233 1123 0876
Expiry: 06/07
3 digit verification number: 666
Billing address:
202B King William Road
Hyde Park, SA 5061
Australia
BSB (branch routing) number: 065-332
Account number: 00222334
Pin number: 3356 ( MY MOTHER'S DATE OF BIRTH )
Re:Slashdot Announcement (Score:2)
I'm sorry, but one of your DNSes drops all packets on port 53, and the other one doesn't even respond to ping.
Could you provide alternate contact means so I can send you my personal data?
What we need are a new set of laws... (Score:3, Interesting)
The obvious response will be more laws. Laws that will take away the freedom of the non-criminal. The RIAA is forcing ISP's to hand over IPA's. Commercial websites track customers. How long until the web requires authentication just to do anything?
I hope the government really hurts the first people it catches. But until the laws change, I doubt it will be that bad. If you could rip off 1,000 people for $1,000,000, would you? What if it meant 5 years in prison, and you could hide the money so it was there when you were released?
Assuming you don't get a email from the bank (Score:2)
Bwahahaha.
How the Netcraft toolbar works. (Score:5, Interesting)
Anyway, how the blocker works is pretty nifty, the toolbar creates an MD5 hash of each url you visit, then compares it to a file that the toolbar auto-updates with the MD5 hashes of the bad urls. To figure out where info is coming from, take a look at "blocked.log" in the Toolbar directory, you'll see the lines that update "blocklist.dat". The only problem I saw is that www.badsite.com/bleh.html might be in there, but www.badsite.com itself might not be, even if both are really the same page.
I still think the best anti-phishing software would be a program that just notices when you are doing something really boneheaded. It would do things like shout "Hey, that's your ebay username and password and this isn't ebay! Are you sure you want to do this?" and "This page isn't posting to an encrypted page and that is a credit card number! Are you sure about this?". Just my little idea, I'm sure there are plenty of problems with it.
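The hashed-URL lookup described in the comment above, and the gap it points out, as an added example (not Netcraft's code; the toolbar's real file format and URL normalisation are not shown on this page). The `canonical()` rules and the separate host-level hash set are assumptions; the reported URL is constructed from the comment's own hostname.

```python
import hashlib
from urllib.parse import urlsplit

def canonical(url):
    """Assumed normalisation: lowercase host, no scheme/port/query, path defaults to '/'."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    return (parts.hostname or ""), (parts.path or "/")

def md5_hex(text):
    # MD5 serves only as a compact lookup key here, not as a security control.
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def build_blocklist(reported_urls):
    """Return (url_hashes, host_hashes) for a list of reported URLs."""
    url_hashes, host_hashes = set(), set()
    for url in reported_urls:
        host, path = canonical(url)
        url_hashes.add(md5_hex(host + path))
        host_hashes.add(md5_hex(host))
    return url_hashes, host_hashes

def exact_only(url, url_hashes):
    """The lookup as the comment describes it: one hash per full URL."""
    host, path = canonical(url)
    return md5_hex(host + path) in url_hashes

def check(url, url_hashes, host_hashes):
    """Exact URL first, then fall back to the host-level entry."""
    host, path = canonical(url)
    if md5_hex(host + path) in url_hashes:
        return "exact"
    if md5_hex(host) in host_hashes:
        # Host-level hits over-block on shared hosting, so a client
        # might show them as a warning instead of a hard block.
        return "host"
    return None

REPORTED = ["http://www.badsite.com/bleh.html"]   # constructed sample report
URL_HASHES, HOST_HASHES = build_blocklist(REPORTED)
```

With only the per-URL set, the site root is missed even though the reported page lives on the same host; the host-level set closes that gap at the cost of coarser matching.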
Re:How the Netcraft toolbar works. (Score:2)
They did the easy part... (Score:1)
Yes, but how many unknown phishing sites have they tracked and blocked?
The biggest problem... (Score:4, Interesting)
Re:The biggest problem... (Score:3, Insightful)
After all, if they don't care enough to make it easy to report phishers abusing their name, why should I make the effort to find out how to report it to them?
Re:It IS easy to report eBay scams (Score:2)
Re:The biggest problem... (Score:1)
mailto:lck@lck.mysch.net [mailto]
Re:The biggest problem... (Score:2)
Re:The biggest problem... (Score:2, Informative)
Re:The biggest problem... (Score:2)
http://pages.ebay.com/help/policies/id-account-
As far as I know, you don't have to be a registered member to report these phishers.
Re:The biggest problem... (Score:2)
Quoting myself, I know. However, this past weekend, I tried going to http://www.bestbuy.com/ [bestbuy.com] and the site reports that 'I dont have cookies enabled'. They must have some problem on their site so I figure I would report it to them (after testing it from 2 different machines). Emails to 'webmaster' and 'support' bounce. Emails to their DNS contact bounce. Another example of no way to get in touch with someone who give
Re:The biggest problem... (Score:3, Funny)
Go Syria! (Score:2)
Eh, I can't even think of a joke. One out of every 14 sites? Jeez.
Perhaps it's time for a little liberation?
still easy to recognize... (Score:1)
while true, they all still contain some form of 'verification' and urgency to the request. I see 'verify' or 'confirm' and I didn't recently sign up for a forum or ask for a password reset, I get rid of it
Phishing Sites (Score:4, Funny)
Catching them (Score:1)
My wife doesn't need it on her Win2K box. (Score:2, Funny)
She uses FireFox and ThunderBird, (fuck IE and Outlook,) despite knowing barely enough to switch on the machine.
My wife... I think I'll keep her.
As for me... She's taught me well.
CNet's site been mined for addresses so I got that crap from them (maybe CNet is in worse financial shape that they're letting
hard? (Score:2)
And it still is. I don't have an account with the First Whatever Bank, so it must be spam. I know that neither paypal or ebay will send me mail asking for my password. I know that my bank doesn't even know my e-mail address.
What is wrong with you people?
how about an OSS/free version of this? (Score:2, Interesting)
or did netcraft patent it?
I personally would trust an OPEN list that is under the eyes of many than a closed and encrypted secret list that can have sites or ip addresses secretly added to serve an agenda.
Netcraft confirms it! (Score:2)
If you want to block'em at the server... (Score:2)
Most of the Phishing is detected as virus by ClamAV on my servers, and the few that escapes from it are stopped by SpamAssassin.
I administrate a small server, with only a few hundred accounts. But it's still amazing how it effectively stops virus/spam/phishing.
Funny thing is, we're behind a SymantecAV server... as required by the company "secure policy". But most of the new virii passes through it... and in the end AmavisNew and ClamAV
professional? (Score:3, Insightful)
i'll be worried when i start seeing attacks imitating places that i actually have accounts at. other than paypal, i don't think a single one out of the thousands of phishing attacks i've received has tried to imitate a bank or institution that i actually do business with.
maybe it's just me, but i would think that when people see hundreds of emails coming from places they've never done business with in their life, they might be a little suspicious when they see one that's almost exactly the same except with their bank's logo on it, no matter how well written. or am i expecting too much of the average person?
It's all phishing! (Score:2)
For me, it's still easy. If it says it is from any sort of "phinancial institution", it's a phishing exercise. Email is one thing that I do NOT give to banks, credit card companies, or other companies that deal with my money. If a bank ever tells me that I authorized something to be transferred via electronic means, they damn well better be ready to provide restitution, because I do not and will not authorize any such transfer, except
Re:FP - Help (Score:1, Informative)
From the contents of your post, you seem to be doing quite well, but ...
I can't figure out an effective way to do it in only three posts.
Yes, indeed, I think you haven't figured out one very important small detail...
What would you do?
Hmmm, ..., maybe log in?
Can anyone help me?
You're welcome!
Re:FP - Help (Score:2, Funny)
Great!
No, wait, wrong post - my bad. My account's karma is having problems, and SlashDot can't confirm some of my details. So, quick, go log int
Re:Phish Samwitch (Score:2)
Re:Phish Samwitch (Score:2)
--The Syntax Police
Apparently it is (Score:2)
proactive Main Entry: proactive
Pronunciation: (")prO-'ak-tiv
Function: adjective
Re:why isn't the list free? (Score:2)
No one cares but the scammed (Score:2)
There are two classes of scam IPs, in my experience. Those in SE Asia (Korea, China, etc), and those that are compromised machines here in the U.S. In