RE: Discovering and Stopping Phishing/Scam Attacks

webcenter_at_sapo.pt
Date: 04/28/05

  • Next message: Randy: "RE: Discovering and Stopping Phishing/Scam Attacks"
    Date: Thu, 28 Apr 2005 15:46:51 +0100
    To: incidents@securityfocus.com
    
    

    ok mr. moderator...

    i think the real problem to phishing exists is the weak process of login systems
    today...

    anyone just needs a login and password, to be authenticated, i think web
    aplications needs to change login systems... to be more tight... and the
    phishers maybe loose there hope to grep information very easy with just a
    username and password...

    my idea and solution to a new login system is this...

    creating a 3rd field, this 3rd field the user will choose... it will work like
    saying yes this is the real bank system welcome back mr. user insert your
    password...

    the process...

    1rst page
    user -> puts the username...

    second page..

    3rd field -> what is your cat name? now the user knows that this was the
    question that he have put int the 3rdfield from the real bank site (he can put
    what he want)...
    password ?? -> user puts the password.. he is athenticated.

    now the phishers they have more work, needs two process to gain access to the
    bank user account...

    first they need to colect the username to get the 3rd field... and they need to
    put the 3rdfield in the false website... to get the password... but this is the
    deal...

    when a user or anyone, puts the username in this login system needs to proceed
    with a password, if not, if the user close the browser, if he tries 3times and
    can't login, the system will block the username and send a email to the real
    user, a code to unblock the username and force the user to change the username
    and 3rd field... and now the phishers don't know again what will be the new
    username and 3rdfield...

    this system, is nothing from other planet and i think that help a lot the users,
    and will stop a litle or a big % this phisher mans...

    regards
    Nuno Costa

    -----Original Message-----
    From: Krul Thomas [mailto:Thomas.Krul@psepc-sppcc.gc.ca]
    Sent: April 27, 2005 10:31 AM
    To: 'Alex'; incidents@securityfocus.com
    Subject: RE: Discovering and Stopping Phishing/Scam Attacks

    I received a phishing scam email for RBC Bank literally moments ago.
    The
    Web site is based in the Czech Republic with very little in the way
    to
    disguise the address of the site. (At last check, the site was still
    up
    at:
    http://updatestatus.webz.cz/rbc/cgi-bin/rbaccess/login.html)

    Odd, either there are some newbie phishers out there, or they are
    starting to realise that no matter how much they disguise their sites
    someone will be having them shut down soon enough so catching the
    uninformed in the few moments they have is paramount. Will we be
    seeing
    an increase in the diversity of referring addresses in a flooding
    attempt to catch the last remaining moms and pops who don't know
    better
    versus well-crafted addresses that don't arouse suspicions?

    -----Original Message-----
    From: Alex [mailto:incidents@alex.gotdns.org]
    Sent: Tuesday, April 26, 2005 7:51 PM
    To: incidents@securityfocus.com
    Subject: Re: Discovering and Stopping Phishing/Scam Attacks

    I agree that checking by referer addresses is a powerful way to
    detect
    phishing sites, but such logs can easily be adverted?

    Doesn't some anti-popup software remove referer fields?

    Simple use of javascript can allow a page to fetch anything without
    showing
    up in referer logs.

    While we are on the subject, has anyone come across commercial and/or
    government websites being (illegally?) mirrored?

    For example, I recently came a website located on a (Asian?) hosting
    provider where the content of the website was EXACTLY that of a
    well-known
    US govt website. (It appeared that they ran the equivalent of a
    recursive
    "wget" on the real site and hosted the files). It appeared to be
    several
    layers deep.

    Why would anyone want to do that?

    -Alex

    ------------------------------------------------------------------------

    --
    Test Your IDS
    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks
    from
    CORE IMPACT.
    Go to
    http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------
    --
    ------------------------------------------------------------------------
    --
    Test Your IDS
    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks
    from
    CORE IMPACT.
    Go to
    http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------
    --
    --------------------------------------------------------------------------
    Test Your IDS
    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks
    from
    CORE IMPACT.
    Go to
    http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------
    SMS GRÁTIS do seu PC para qualquer rede nacional (TMN, Vodafone, Optimus e PTC). Basta instalar o SAPO Messenger e adicionar amigos!
    Vá agora a : http://messenger.sapo.pt/sms/
    --------------------------------------------------------------------------
    Test Your IDS
    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from 
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
    to learn more.
    --------------------------------------------------------------------------
    

  • Next message: Randy: "RE: Discovering and Stopping Phishing/Scam Attacks"

    Relevant Pages

    • RE: Discovering and Stopping Phishing/Scam Attacks
      ... I think that the system you're proposing will stop *current* phishing ... schemes but it wouldnt take a lot for the phishers to come up with a way ... If a user is willing to give their username and password to an unverified ... > CORE IMPACT. ...
      (Incidents)
    • Re: customer service
      ... And so you dug out your username, that is, typed it into the ... you were directed by the email or by the follow-up message to you ... Am.Exp./Discover itself warns customers about 'Phishing ... I just wait for the bill in the mail or for Quicken to download the ...
      (soc.retirement)
    • Re: customer service
      ... And so you dug out your username, that is, typed it into the ... you were directed by the email or by the follow-up message to you ... Am.Exp./Discover itself warns customers about 'Phishing ... and account information or to lure a Discover customer who responds to ...
      (soc.retirement)
    • Re: customer service
      ... And so you dug out your username, that is, typed it into the ... you were directed by the email or by the follow-up message to you ... Am.Exp./Discover itself warns customers about 'Phishing ... and account information or to lure a Discover customer who responds to ...
      (soc.retirement)
    • Login System
      ... I want to make a login system so only certain people can access the ... worksheet with their own username and password... ... login levels can access certain sheets/areas etc. ... On my database sheet I simple want to be able to add in usernames, ...
      (microsoft.public.excel.programming)