Re: Discovering and Stopping Phishing/Scam Attacks

From: Crispin Cowan (crispin_at_immunix.com)
Date: 04/27/05

    Date: Tue, 26 Apr 2005 15:59:30 -0700
    To: steven@lovebug.org
    
    

    I think that this will just force the phishers to host their own images.
    As such, this approach is not very interesting unless there actually is
    a problem for the phishers in hosting their own images. The phishers
    could even host their own images on virtual domains that are typo-alike
    to the legitimate domain name.

    For me personally, I would not notice the difference, as I already have
    my mail client configured to not load referenced images, because
    spammers already use hits on their hosted images as web bugs to detect
    working e-mails, and that just brings more spam down on your head. If
    you are loading images referenced in e-mails, you probably want to
    figure out how to turn that off.

    Crispin

    steven@lovebug.org wrote:

    >As we have all noticed, there has been an increase in the number of phishing/scam
    >attempts via e-mail that appear to be legitimate. Most of
    >these e-mails look identical to e-mails that would be sent by the
    >e-commerce or banking institute. They also frequently link to
    >fraudulent/hacked webservers that also appear very similar to the website
    >they are masquerading as.
    >
    >What I noticed quite some time ago is that most of these websites
    >and e-mails do not host their own images. From what I have seen, more
    >often than not, these e-mails and websites link directly to images hosted
    >by the legitimate website. For example, I just received an eBay scam
    >asking me to sign up to be a PowerSeller. The PowerSeller artwork, logos,
    >and other images are all linked directly from eBay. So this makes me
    >realize that there are a few things some of these targeted
    >websites/businesses can do to detect these scam sites much quicker. I
    >have made this suggestion to a few banking institutions in the past, and I
    >have no idea if anyone has actually decided to implement my ideas or not
    >-- but they seem pretty feasible.
    >
    >Since they are linking to the images hosted on the site they are cloning
    >-- the banking/e-commerce website could just rename their images on
    >their own webpage every so often (and update their webpages accordingly).
    >However, at the same time they should keep copies of the images with their
    >old names. Now they can check their logs to see what webpage(s) are
    >accessing these old image names. Chances are they will link directly back
    >to the hacked website purporting to be their page. This would allow for
    >quicker detection of these phishing and scam websites, providing a slight
    >leg up for sites trying to fight this.
    >
    >Just an idea -- let me know if anyone has any comments.
    >
    >Steven
    >steven@lovebug.org
    >
    >
    >

    -- 
    Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
    CTO, Immunix          http://immunix.com
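
The log check proposed in the quoted message, as an added example that is not part of the original thread: it scans web-server access logs for requests to retired image names and groups them by the off-site page that referred them. The hostnames, image paths and log lines are constructed, and the Apache "combined" log format is an assumption; hits with no Referer (as from a mail client) are counted separately because they cannot be traced to a page.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Hypothetical values, not from the thread: the site's own hostnames and the
# image names it retired at the last rename (old copies are still served).
OWN_HOSTS = {"www.example-bank.test", "example-bank.test"}
RETIRED_IMAGES = {"/img/logo_2005q1.gif", "/img/login_btn_2005q1.gif"}

# Apache "combined" log format (assumed).
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def find_hotlinkers(lines):
    """Return (Counter of off-site referring pages, number of hits with no
    Referer) for requests to retired image names."""
    offsite, no_referer = Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or urlsplit(m["path"]).path not in RETIRED_IMAGES:
            continue  # unparseable line, or an image name still in use
        ref = m["referer"]
        if ref in ("", "-"):
            no_referer += 1  # e.g. mail clients: nothing to trace back
            continue
        if (urlsplit(ref).hostname or "").lower() not in OWN_HOSTS:
            offsite[ref] += 1
    return offsite, no_referer

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '198.51.100.23 - - [26/Apr/2005:15:01:12 -0700] "GET /img/logo_2005q1.gif HTTP/1.1" 200 2326 "http://203.0.113.7/~user/signin.html" "Mozilla/4.0"',
    '198.51.100.77 - - [26/Apr/2005:15:02:40 -0700] "GET /img/login_btn_2005q1.gif HTTP/1.1" 200 811 "http://203.0.113.7/~user/signin.html" "Mozilla/4.0"',
    '192.0.2.10 - - [26/Apr/2005:15:03:05 -0700] "GET /img/logo_2005q1.gif HTTP/1.1" 200 2326 "http://www.example-bank.test/old/login.html" "Mozilla/5.0"',
    '192.0.2.55 - - [26/Apr/2005:15:04:18 -0700] "GET /img/logo_2005q1.gif HTTP/1.0" 200 2326 "-" "-"',
    '198.51.100.9 - - [26/Apr/2005:15:05:30 -0700] "GET /img/logo_2005q2.gif HTTP/1.1" 200 2400 "http://forum.example.test/thread/9" "Mozilla/5.0"',
    '198.51.100.40 - - [26/Apr/2005:15:06:02 -0700] "GET /img/logo_2005q1.gif?x=1 HTTP/1.1" 200 2326 "http://mirror.example.test/update.html" "Mozilla/4.0"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    pages, blind = find_hotlinkers(SAMPLE_LOG)
    for page, hits in pages.most_common():
        print(f"{hits:4d}  {page}")
    print(f"{blind} hit(s) on retired images carried no Referer")
```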
    

