Security Basics mailing list archives

Re: Phishing


From: Ethen Hunt <ethenhunt-ml () mindspring com>
Date: Tue, 28 Oct 2003 08:57:24 -0500

Phishing is not really all that new. AOL has had problems with phishing sites and emails since at least 1996 and probably before that too. I know that other ISPs experience this problem and online banking is just the newest target on the block. I don't know if I'd go so far as to call it an epidemic, but it certainly can cause a few headaches. Education is definitely a step forward, but sadly it does not solve the entire issue. The issue has to be handled differently depending on how your customers reach you (i.e. an online bank site would have to take different measures than an ISP).

An ISP would null route the IP address(es) hosting the phisher site, contact the company that owns the IP to get the site taken down, and possibly proceed with legal action against the owner of the site (although this is rarely possible as the site registration info is usually fake or owned by a foreigner). Other than warning its customers, an online banking site could also attempt to get the site taken down. Their network access provider or hosting company could possibly assist with this.

In the end, however, the chase to tear down phisher sites will become a continuing problem until customers begin to understand that email can be faked all too easily. As for email addresses, those could come from any number of sources. If the bank sold the email address to potential third parties and affiliates, then a spammer could easily buy it. Or the spammer could be lazy and bulk mail a huge number of email addresses in the hopes that they might catch a few customers. Just enough to scam some.

- Ethen Hunt

Mark Harris wrote:

All,

Would like some feedback on what you think of the current phishing scams
hitting UK banks.

Do you see this as a worldwide epidemic?
Is education enough for the customers in protecting themselves?
How are these phishing groups getting access to customers' e-mail addresses
etc?

Thanks,


Mark Harris, CISSP
CISO

ASPACE Solutions - Leading Business Minds
T: +44 (0)20 7744 6248
M: +44 (0)7793 047 875
Website www.aspacesolutions.com

Three Tuns House
109 Borough High Street
London SE1 1NL


