funsec mailing list archives

Re: Nordea Sweden shuts Internet banking due to targeted phishing


From: "David Lodge" <dave () cirt net>
Date: Wed, 05 Oct 2005 22:22:20 +0100

On Wed, 05 Oct 2005 01:45:54 +0100, Richard Cox <richard () beijing spamhaus cn> wrote:
> On 5 Oct 2005 01:08:43 +0100 (BST) Drsolly <drsollyp () drsolly com> wrote:
>> Banks could fix the phishing problem if they had the incentive.
>> It isn't bad enough yet to make them want to fix it.
>
> They do want to fix it.  They are just now discovering what needs to be
> done.  I had a very productive meeting with APACS last week, and there
> is much to be taken forward from that.  Hopefully Gadi will introduce a
> new participant to some of his lists very soon which will underpin that.

I totally agree with you Richard; the problem isn't the banks - it's users, ISPs and notifications. I can't emphasise enough how many emails I receive saying something like "I got this weird email from you so I entered my details and got this strange error".

The annoying thing is the timeline. For the last phishing attempt I dealt with, the timeline went something like:
Day One
0300 Phishing emails sent out.
1500 APACS notify somebody in our company and ask ISP to shut down site.
Day Two
0800 Company person forwards email to me.
0930 I receive email, swear a lot; trace site.
1000 Dig around ISP's website to find a phone number.
1100 After spending 40 minutes on hold to ISP get through, told that "the security guy" is on lunch (as ISP in the Netherlands and 1 hour in front) and to ring back in an hour.
1230 Finally get to speak to security guy and ask him to shut down the site.
1400 Americans come in and receive emails. They contact external company we pay to shut down the site.
1500 Site's still up. Ring up ISP again.
1630 Site is finally down.

So in total:
27 hours before somebody in the company gets shut down.

3 groups of people (me, APACS, company we employ to shut down phishing sites) contacted the ISP to take down the web site over a period of 36 hours.

Company we employ to alert of phishing and take down sites didn't even notice (probably because the email was only sent out to UK people).

Not good.

dave
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.