Security Incidents mailing list archives
RE: Discovering and Stopping Phishing/Scam Attacks
From: <matt.neeley () familyfeaturedproducts com>
Date: Tue, 26 Apr 2005 17:16:53 -0400
Even if you don't get your web host to do it themselves if you use PHP you can easily make simple scripts that perform the same function. I'd imagine you could do the same with ASP. net if you use that instead. -----Original Message----- From: Lode Vermeiren [mailto:lode () linu cx] Sent: Tuesday, April 26, 2005 3:51 PM To: bugtraq () securityfocus com; incidents () securityfocus com; Randy Subject: Re: Discovering and Stopping Phishing/Scam Attacks On Tue, 26 Apr 2005 steven () lovebug org wrote:
As we have all noticed, there has increase in the number of
phishing/scam
attempts via e-mail that appear to be legitimate. Most of
and e-mails do not host their own images. From what I have seen, more often than not, these e-mails and websites link directly to images
hosted
by the legitimate website.
Since they are linking to the images hosted on the site they are cloning -- the banking/e-commerce website could just rename their images on their own webpage every so often (and update their webpages
accordingly). Op di, 26-04-2005 te 13:13 -0700, schreef Randy:
Seems like a maintenance nightmare waiting to happen. ~randy
Renaming the files would indeed be a maintenance nightmare, but I don't see a reason why the webserver hosting the image can't do a referrer check, and only serve the real images if they are being loaded from the real domain. In all other cases they could return a "THIS IS A FAKE PAGE" image, or perhaps even some shock site[1] Lode [1] please don't follow any of the links on http://en.wikipedia.org/wiki/Shock_site You have been warned. -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Discovering and Stopping Phishing/Scam Attacks steven (Apr 26)
- Re: Discovering and Stopping Phishing/Scam Attacks Randy (Apr 26)
- Re: Discovering and Stopping Phishing/Scam Attacks Lode Vermeiren (Apr 26)
- RE: Discovering and Stopping Phishing/Scam Attacks matt.neeley (Apr 26)
- Re: Discovering and Stopping Phishing/Scam Attacks Lode Vermeiren (Apr 26)
- Re: Discovering and Stopping Phishing/Scam Attacks byte_jump (Apr 26)
- Re: Discovering and Stopping Phishing/Scam Attacks Michael J. Pomraning (Apr 26)
- Re: Discovering and Stopping Phishing/Scam Attacks byte_jump (Apr 27)
- Re: Discovering and Stopping Phishing/Scam Attacks Crispin Cowan (Apr 27)
- <Possible follow-ups>
- Re: Discovering and Stopping Phishing/Scam Attacks thomas adams (Apr 26)
- Re: Discovering and Stopping Phishing/Scam Attacks Alex (Apr 27)
- Re: Discovering and Stopping Phishing/Scam Attacks byte_jump (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Thomas Adams (Apr 27)
- Re: Discovering and Stopping Phishing/Scam Attacks byte_jump (Apr 27)
- Re: Discovering and Stopping Phishing/Scam Attacks Randy (Apr 26)
- RE: Discovering and Stopping Phishing/Scam Attacks Scovetta, Michael V (Apr 27)