PaulDotCom mailing list archives
Re: How to detect phishing and spoofed websites
From: Tim Krabec <tkrabec () gmail com>
Date: Fri, 14 Dec 2012 09:53:08 -0500
what about a soundex & unicode filters to look for similar named sites? On Fri, Dec 14, 2012 at 8:52 AM, Ian Ahl <ian.ahl () tekdefense com> wrote:
One method I recently implemented while still reactive has worked wonders. What I came up with though involves more than just ownership of the website though you will also need the ability to add a signature to an IDS that can see traffic destined to the internet from your organization. 1. Implement a unique tracking code on your website. This can be any unique string of characters. For example if you looked at the source of tekdefense.com you will see "<!--UID xztbalp-->" 2. Write a snort signature that will alert when an organization source attempts to communicate externally with http content that matches the tracking code. As this tracking code should only be on a specific server you can alert whenever that tracking code is hit going anywhere else. This will show any users within your org attempting to communicate with an external phishing site. There are some flaws with this approach though. I have thought about expanding this to do something more along the lines of google analytics, where as leaving a full reference to a .js that will pull source and destination IP and report back to a logging source. There could be privacy issues with that though. Thank you, Ian On Fri, Dec 14, 2012 at 2:00 AM, <pauldotcom-request () mail pauldotcom com>wrote:Send Pauldotcom mailing list submissions to pauldotcom () mail pauldotcom com To subscribe or unsubscribe via the World Wide Web, visit http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom or, via email, send a message with subject or body 'help' to pauldotcom-request () mail pauldotcom com You can reach the person managing the list at pauldotcom-owner () mail pauldotcom com When replying, please edit your Subject line so it is more specific than "Re: Contents of Pauldotcom digest..." Thank you for subscribing to the PaulDotCom Mailing list digest. Please visit our site, http://pauldotcom.com, for more hacking entertainment. Today's Topics: 1. Re: How to detect phishing and spoofed websites (swierckxlists) 2. Re: How to detect phishing and spoofed websites (Todd Haverkos) 3. Re: Best ROI Combination - Metasploit & Training (Todd Haverkos) 4. Re: How to detect phishing and spoofed websites (Brian Erdelyi) 5. Re: How to detect phishing and spoofed websites (Robert Cazares) 6. Re: Best ROI Combination - Metasploit & Training (Arch Angel) 7. Re: How to detect phishing and spoofed websites (allison nixon) ---------------------------------------------------------------------- Message: 1 Date: Thu, 13 Dec 2012 16:09:17 +0100 From: swierckxlists <swierckxlists () gmail com> To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com> Subject: Re: [Pauldotcom] How to detect phishing and spoofed websites Message-ID: <50C9EF9D.9050609 () gmail com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Hi Brian, Part of the research/finding out if this is happening to you or your company can be automated using the URLCrazy tool (http://www.morningstarsecurity.com/research/urlcrazy), the tool has been reviewed / described in this blog post: http://www.ihackforfun.eu/index.php?title=urlcrazy-is-someone-spying-on Strider is a similar tool by Microsoft but URLCrazy is open source and can be adapted to your needs if further automation is needed. Greets Steven On 12/12/2012 15:43, Brian Erdelyi wrote:Good morning everyone, I'd like to create a guide and checklist for detecting phishingattacks. I want to focus on server side. What can a website admin do to detect phishing attacks and spoofed websites? What can a web app developer do to make it easier to detect phishing attacks and spoofed websites?Brian Sent from my iPhone _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com------------------------------ Message: 2 Date: Thu, 13 Dec 2012 10:30:09 -0600 From: Todd Haverkos <infosec () haverkos com> To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com> Subject: Re: [Pauldotcom] How to detect phishing and spoofed websites Message-ID: <20121213163009.25E2317E77CA () lhotse onsight com> Content-Type: text/plain; charset=us-ascii Brian Erdelyi <brian_erdelyi () yahoo com> writes:Good morning everyone, I'd like to create a guide and checklist for detecting phishingattacks. I want to focus on server side. What can a website admin do to detect phishing attacks and spoofed websites? What can a web app developer do to make it easier to detect phishing attacks and spoofed websites? It depends on what exactly you're looking to achieve. If you're looking for "is my company's brand and/or site being leveraged in a phishing attack?" then developing some sort of monitoring for http log entries that are status 200 for image files, but lack any referrer information might be one way to look at trends. That would get a lot of current phishes where they're leveraging branding and logos from the actual live site. I'm not sure this is so much the domain of a web developer as a security architect charged with monitoring and intrustion detection, though. I can't think of much a web dev would do in this domain. To complement the above, doing something on the email server side where mail to illegitimate addresses gets quietly accepted and logged safely somewhere might be another data source to mine. A sudden flood of out of office notifications going to some invalid address at your company is also a strong indicator that your brand has been hijacked in a phishing ruse. The cost/benefit of this analysis though is something to consider. Accepting mail for all possible email addresses can be a very expensive disk/bandwidth/mail processing proposition. If you're defending your company's users against inbound flurry of phishing emails, obviously a strong anti-spam/anti-phish email gateway is the best first line of defense. Some vendors are really pretty bad at anti-phish, but decent at anti-spam. Some are less effective at anti-spam, but seem to do well against phishing emails. The next line of defense (and probably even more important) is a web proxy aka secure web gateway that includes a content categorization feed that's actively managed by the vendor, coupled with a policy blocking malicious sites as well as phishing sites. Bluecoat, Websense, McAfee, Barracuda all have such goodies. To complement on-premises web proxy solutions, there are cloud solutions to protect your mobile workers. Best Regards, -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------ Message: 3 Date: Thu, 13 Dec 2012 13:23:28 -0600 From: Todd Haverkos <infosec () haverkos com> To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com> Subject: Re: [Pauldotcom] Best ROI Combination - Metasploit & Training Message-ID: <20121213192328.7307E17E77CA () lhotse onsight com> Content-Type: text/plain; charset=us-ascii Arch Angel <arch3angel () gmail com> writes:Honestly Albert, I can't say that I have a legitment "reason" per say.Ihave found, in my experience, to get the full benefit of Nessus youreallyneed Security Center and the other products, but in general that's not a real reason, just a personal opinion. I have just seen NexPose as abetterproduct over all, in look, feel, and acurancy. However, again this isjustmy opinion I really don't have a reason outside personal preference Iguess.I'm not opposed to diving deeper into Nessus and learning theadvanatges orcapabilities though.Robert, I would encourage shooting out Nexpose and Security Center side by side with an evaluation that gets sales engineers involved and get a quote early on for what you need. It's a fair point that Nexpose does more for an enterprise than Nessus alone does. Nessus is definitely a vulnerability scanner, but it it not alone an enterprise-centric vulnerability management and reporting system. Security Center fills that role, as you hint. Nexpose and Security Center side by side is the apples to apples comparison. Cost as of 2 years ago was within the same ballpark and was sized per IP's. If you need or want additional scan zones/scanners for a segmented network, one vendor hits you additional for those, another vendor doesn't. Get SE's from both companies involved. Pay attention to memory needed and how fast similar breadth and depth scans come back, if virtualization is important to you, see how each performs in that environment. Test the support channels. Weigh which evil (Java/Flash/HTML5) you want to live with to use the interfaces, decide how important a scriptable API might be to you to mine vuln data. Also consider the OS's of your target environment. One scanner for instance deals with *nix OS's and authenticated scans thereof a lot more elegantly than another. I know which way I went and I've been rather happy. I don't at all regret the time taken to do a full technical shootout of both. Best Regards, -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------ Message: 4 Date: Thu, 13 Dec 2012 17:25:36 -0400 From: Brian Erdelyi <brian_erdelyi () yahoo com> To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com> Cc: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com> Subject: Re: [Pauldotcom] How to detect phishing and spoofed websites Message-ID: <6B113591-07E8-41FE-A058-3CCB4B35D954 () yahoo com> Content-Type: text/plain; charset="us-ascii" Thank you everyone. Once detected, there are many ways of dealing with a spoofed website such as contacting system owners, ISPs, publishing advisories and reporting URLs to various blacklists. I'm investigating options on how to be more proactive at detecting phishing websites. 1. Placing emails online in the hopes of it being harvested by an attacker (phishing the phisher if you will) 2. Monitoring web server logs for attempts by an attacker to copy all the data from our site 3. Monitoring web server logs for images that are retrieved with an HTTP referrer of a URL different from what is expected 4. Google searches that look for something that would likely be copied by a phisher to a spoofed website? I'm not saying these techniques are perfect or effective. Are there any other techniques you can think of (or sites that provide details on doing the above... Or provide tools to automate the above)? Anything more a web admin can do? Is there anything a developer of an web app can do to improve detection of phishing attempts? Is there any kind of configuration can be done that prevents images from being referenced by a phishing website (or load different images)? Brian Sent from my iPad On Dec 12, 2012, at 11:27 PM, Bill Swearingen <hevnsnt () i-hacked com> wrote:I have found that an email to the hosting company to be verysuccessful, even in other countries.On Dec 12, 2012 7:14 PM, "allison nixon" <elsakoo () gmail com> wrote:As a web app developer, I'm not sure how your responsibilities wouldapply to dealing with phishing sites. Are you maintaining a website and people are creating phishing sites mimicking yours? If so, pls read the following wikipedia entry:http://en.wikipedia.org/wiki/Backscatter_(email) also, phishers typically dump people onto the real website after theyhave fallen for the scam so it would be wise to locate some of the phishing pages imitating your site, "falling" for the scam yourself, and looking at the pattern of traffic that ends up going to your site. Other IPs with the same pattern of traffic could have their accounts compromised. Finally, once you've found the site, you could file dmca complaints, and you would have good standing to do so, but it probably wouldn't help you anyways. Phishing websites are disposable. I have seen people attempt to fill in the phishing site with lots and lots of garbage info to make the operation unprofitable, as well as locating the caches of stolen credentials on the server, but that begins to fall into a very grey area and you can make your own decisions on the matter. You could also create fake accounts and enter them into known phishing sites, and track the activity of any IP that attempts to log into those accounts. Typically the attacker attempts to log in with many usernames from its stolen credential cache, and you might even want to lower your login security to allow for many different logins from one IP, so they don't need to recycle IPs and are easier to track.Of course, do what makes sense for your situation. -Allison Nixon On Wed, Dec 12, 2012 at 1:25 PM, xgermx <xgermx () gmail com> wrote:Check for encoded javascript/php, check any redirects, check for any1x1 iframes, etcwget/curl scripting can really do a lot for you and if you want toroll up your scripting sleeves, you can leverage the VirusTotal API.https://www.virustotal.com/documentation/public-api On Wed, Dec 12, 2012 at 8:43 AM, Brian Erdelyi <brian_erdelyi () yahoo com> wrote:Good morning everyone, I'd like to create a guide and checklist for detecting phishingattacks. I want to focus on server side. What can a website admin do to detect phishing attacks and spoofed websites? What can a web app developer do to make it easier to detect phishing attacks and spoofed websites?Brian Sent from my iPhone _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- _________________________________ Note to self: Pillage BEFORE burning. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-------------- next part -------------- An HTML attachment was scrubbed... URL: < http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20121213/7fa071cb/attachment-0001.html------------------------------ Message: 5 Date: Thu, 13 Dec 2012 14:52:50 -0800 From: Robert Cazares <robertcazares () gmail com> To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com> Subject: Re: [Pauldotcom] How to detect phishing and spoofed websites Message-ID: < CADpBtvG2qicJtreY3Bx6-K5ydxEvYhCkNSftpojrs+qjeaBE+w () mail gmail com> Content-Type: text/plain; charset=ISO-8859-1 Aye mateys and mateyettes, I'm such a stickler for review, review, review, have someone else review, then maybe review again, then release to the wild. What I refer to is a typo in the morningstarsecurity.com/research/urlcrazy page. And that typo is a reference to google.com that is spelled "goole.com". Silly, I know. But when you're talking about a tool that checks for these types of things, phishing/spoofing, one-letter-off web site names and their brethren, please please please spell check before releasing. Whew (. . .) ---------------------------------------------------------------------------------------------------------------- Find it here - ------------------------------- Popularity Estimate We can estimate the relative popularity of a typo by measuring how often that typo appears on webpages. Querying goole.com for the number of search results for a typo gives us a indication of how popular a typo is. ------------------------------- ---------------------------------------------------------------------------------------------------------------- I have not run the tool myself, BUT it looks like a great tool to have in your kit. I have security questions and will return soon enough. Six, two and even Over and out - Robert On Thu, Dec 13, 2012 at 7:09 AM, swierckxlists <swierckxlists () gmail com> wrote:Hi Brian, Part of the research/finding out if this is happening to you or yourcompanycan be automated using the URLCrazy tool (http://www.morningstarsecurity.com/research/urlcrazy), the tool hasbeenreviewed / described in this blog post: http://www.ihackforfun.eu/index.php?title=urlcrazy-is-someone-spying-on Strider is a similar tool by Microsoft but URLCrazy is open source andcanbe adapted to your needs if further automation is needed. Greets Steven On 12/12/2012 15:43, Brian Erdelyi wrote:Good morning everyone, I'd like to create a guide and checklist for detecting phishingattacks.I want to focus on server side. What can a website admin do to detect phishing attacks and spoofed websites? What can a web app developerdo tomake it easier to detect phishing attacks and spoofed websites?------------------------------ Message: 6 Date: Thu, 13 Dec 2012 19:42:59 -0500 From: Arch Angel <arch3angel () gmail com> To: pauldotcom () mail pauldotcom com Subject: Re: [Pauldotcom] Best ROI Combination - Metasploit & Training Message-ID: <50CA7613.3020905 () gmail com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed I have on my calendar to contact tenable regarding the other software in hopes to fill this gap, and has been for a few days. I'm looking to work on a whole new direction with the infrastructure design after some consideration. I believe that if the design is tweaked a bit I will not only get a super easy growth potential but also a much more cost effective solution. This solution may not be in the favor of NexPose, but may work well with Security Center/Nessus or nCircle. The requirement for Q1 Labs, QRadar product is because the global headquarters has already made steps to purchase this solution and negotiated global pricing, which honestly is fine with me. They would not have been my first choice, but in that same breath are not a bad solution. In the "Supported Products" document Nessus is not a supported Vulnerability Management solution, but Tenable Security Center is supported. I believe they are doing this by feeding Security Center the Nessus data and then pulling this data from Security Center into QRadar. So ultimately it is supported and is not an issue as of now. I just needed to be cautious of this as a minor mistake now could potentially turn into a very costly and timely mistake by the end of 2013. One thing that has been bothering me for the last few days has been the way NexPose handled credential scanning of *nix* systems. I do not feel a warm and fuzzy in my tummy about root being used like this. Not saying good or bad from a security stand point we all know allowing root direct login is well..... "less than ideal", but more so the maturity of a product which still has such a feature. Again it boils down to a warm and fuzzy, and I'm just not feeling that one. I am on absolutely no timeline to complete this! I have no intentions of rushing into a solution just because the "end of year sales price is expiring", this tactic actually tends to push me away. Whether that is corporate environment or my personal collection of pauldotcom bobble head dolls :-) I'm just not a person who runs for the discount, the discount may not always be a true cost reduction over the long haul. I mean seriously, my Larry Bobble Head broke 30 minutes after opening it. Although I was trying to find the RFID tag, but I digress.. I appreciate the feedback, it's really good to bounce ideas off others in the community and get the good/bad of others experiences with products. P.s. There never was any Pauldotcom booble head dolls for the trolls who are already emailing Paul asking how to get them. However, there is pictures of Larry being "searched" for the RFID tag by TSA. Open Google and do an image search for Larry's alias "John Strand" and it will show still shows of where he placed the RFID tag. -- Thank you, Robert Miller http://www.armoredpackets.com Twitter: @arch3angel On 12/13/12 2:23 PM, Todd Haverkos wrote:Arch Angel <arch3angel () gmail com> writes:Honestly Albert, I can't say that I have a legitment "reason" per say.Ihave found, in my experience, to get the full benefit of Nessus youreallyneed Security Center and the other products, but in general that's notareal reason, just a personal opinion. I have just seen NexPose as abetterproduct over all, in look, feel, and acurancy. However, again this isjustmy opinion I really don't have a reason outside personal preference Iguess.I'm not opposed to diving deeper into Nessus and learning theadvanatges orcapabilities though.Robert, I would encourage shooting out Nexpose and Security Center side by side with an evaluation that gets sales engineers involved and get a quote early on for what you need. It's a fair point that Nexpose does more for an enterprise than Nessus alone does. Nessus is definitely a vulnerability scanner, but it it not alone an enterprise-centric vulnerability management and reporting system. Security Center fills that role, as you hint. Nexpose and Security Center side by side is the apples to apples comparison. Cost as of 2 years ago was within the same ballpark and was sized per IP's. If you need or want additional scan zones/scanners for a segmented network, one vendor hits you additional for those, another vendor doesn't. Get SE's from both companies involved. Pay attention to memory needed and how fast similar breadth and depth scans come back, if virtualization is important to you, see how each performs in that environment. Test the support channels. Weigh which evil (Java/Flash/HTML5) you want to live with to use the interfaces, decide how important a scriptable API might be to you to mine vuln data. Also consider the OS's of your target environment. One scanner for instance deals with *nix OS's and authenticated scans thereof a lot more elegantly than another. I know which way I went and I've been rather happy. I don't at all regret the time taken to do a full technical shootout of both.Best Regards, -- Todd Haverkos, LPT MsCompE http://haverkos.com/ _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com------------------------------ Message: 7 Date: Thu, 13 Dec 2012 20:39:45 -0500 From: allison nixon <elsakoo () gmail com> To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com> Subject: Re: [Pauldotcom] How to detect phishing and spoofed websites Message-ID: <CACLR7w+5+SNx9S= L0V1ihJ3LtpjB2t7o-knhYGxxXAZVrrNwyg () mail gmail com> Content-Type: text/plain; charset="iso-8859-1" Ask your users to report phishing websites On Thu, Dec 13, 2012 at 4:25 PM, Brian Erdelyi <brian_erdelyi () yahoo comwrote:Thank you everyone. Once detected, there are many ways of dealing with a spoofed websitesuchas contacting system owners, ISPs, publishing advisories and reportingURLsto various blacklists. I'm investigating options on how to be more proactive at detecting phishing websites. 1. Placing emails online in the hopes of it being harvested by anattacker(phishing the phisher if you will) 2. Monitoring web server logs for attempts by an attacker to copy allthedata from our site 3. Monitoring web server logs for images that are retrieved with an HTTP referrer of a URL different from what is expected 4. Google searches that look for something that would likely be copiedbya phisher to a spoofed website? I'm not saying these techniques are perfect or effective. Are there any other techniques you can think of (or sites that provide details ondoingthe above... Or provide tools to automate the above)? Anything more awebadmin can do? Is there anything a developer of an web app can do to improve detection of phishing attempts? Is there any kind ofconfigurationcan be done that prevents images from being referenced by a phishing website (or load different images)? Brian Sent from my iPad On Dec 12, 2012, at 11:27 PM, Bill Swearingen <hevnsnt () i-hacked com> wrote: I have found that an email to the hosting company to be very successful, even in other countries. On Dec 12, 2012 7:14 PM, "allison nixon" <elsakoo () gmail com> wrote:As a web app developer, I'm not sure how your responsibilities would apply to dealing with phishing sites. Are you maintaining a websiteandpeople are creating phishing sites mimicking yours? If so, pls readthefollowing wikipedia entry: http://en.wikipedia.org/wiki/Backscatter_(email) also, phishers typically dump people onto the real website after they have fallen for the scam so it would be wise to locate some of thephishingpages imitating your site, "falling" for the scam yourself, andlooking atthe pattern of traffic that ends up going to your site. Other IPswith thesame pattern of traffic could have their accounts compromised.Finally,once you've found the site, you could file dmca complaints, and youwouldhave good standing to do so, but it probably wouldn't help you anyways. Phishing websites are disposable. I have seen people attempt to fillinthe phishing site with lots and lots of garbage info to make theoperationunprofitable, as well as locating the caches of stolen credentials ontheserver, but that begins to fall into a very grey area and you can makeyourown decisions on the matter. You could also create fake accounts andenterthem into known phishing sites, and track the activity of any IP that attempts to log into those accounts. Typically the attacker attemptstolog in with many usernames from its stolen credential cache, and youmighteven want to lower your login security to allow for many differentloginsfrom one IP, so they don't need to recycle IPs and are easier to track. Of course, do what makes sense for your situation. -Allison Nixon On Wed, Dec 12, 2012 at 1:25 PM, xgermx <xgermx () gmail com> wrote:Check for encoded javascript/php, check any redirects, check for any1x1iframes, etc wget/curl scripting can really do a lot for you and if you want torollup your scripting sleeves, you can leverage the VirusTotal API. https://www.virustotal.com/documentation/public-api On Wed, Dec 12, 2012 at 8:43 AM, Brian Erdelyi <brian_erdelyi () yahoo com>wrote:Good morning everyone, I'd like to create a guide and checklist for detecting phishing attacks. I want to focus on server side. What can a website admindo todetect phishing attacks and spoofed websites? What can a web appdeveloperdo to make it easier to detect phishing attacks and spoofed websites? Brian Sent from my iPhone _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- _________________________________ Note to self: Pillage BEFORE burning. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- _________________________________ Note to self: Pillage BEFORE burning. -------------- next part -------------- An HTML attachment was scrubbed... URL: < http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20121213/654d2bdb/attachment-0001.html------------------------------ _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom End of Pauldotcom Digest, Vol 51, Issue 13 ******************************************_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- Tim Krabec Kracomp 772-597-2349 www.kracomp.com www.smbminute.com (podcast) tkrabec.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- How to detect phishing and spoofed websites Brian Erdelyi (Dec 12)
- Re: How to detect phishing and spoofed websites xgermx (Dec 12)
- Re: How to detect phishing and spoofed websites allison nixon (Dec 12)
- Re: How to detect phishing and spoofed websites Bill Swearingen (Dec 12)
- Re: How to detect phishing and spoofed websites Brian Erdelyi (Dec 13)
- Re: How to detect phishing and spoofed websites allison nixon (Dec 13)
- Re: How to detect phishing and spoofed websites allison nixon (Dec 12)
- Re: How to detect phishing and spoofed websites xgermx (Dec 12)
- Re: How to detect phishing and spoofed websites Robert Cazares (Dec 13)
- <Possible follow-ups>
- Re: How to detect phishing and spoofed websites Ian Ahl (Dec 14)
- Re: How to detect phishing and spoofed websites Tim Krabec (Dec 14)