Security Incidents mailing list archives
Re: Discovering and Stopping Phishing/Scam Attacks
From: "Steven" <steven () lovebug org>
Date: Thu, 28 Apr 2005 15:57:00 -0400
I think there have been a lot of good suggestions and ideas in response to the original message. I thank you that went easy on me for not mentioning checking the referrer field in website logs. That is also a great idea and would most likely effectively accomplish the same goal as using multiple image names. However, I think a few people are missing the point. I do realize that they could check the website to see if they have done this or simply just host the files themselves. This would perhaps temporarily circumvent the image renaming method. Checking the referrer to the images in the log files would still be possible.
The main point of all of this is to remain passive. Your goal is not to show them an anti-fraud image or websites from accessing your images. The point is to quickly detect these websites, shut them down, and do what is possible to stop any perpetrators. At the same time I think this thread has struck a nerve that perhaps these banking and e-commerce websites could do more to educate users and try and stop customers from falling for this sort of thing. Then again, we all know a sucker is born every minute.
Thanks for all the replies. I think there have been a lot of good suggestions and insights into this whole process.
Steven
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- RE: Discovering and Stopping Phishing/Scam Attacks, (continued)
- RE: Discovering and Stopping Phishing/Scam Attacks Marco A. Zamora Cunningham (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Krul Thomas (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Calder, James (EXP) (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks webcenter (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks Randy (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks Nuno Costa (Apr 28)
- Re: Discovering and Stopping Phishing/Scam Attacks Dave Greer (Apr 28)
- Re: Discovering and Stopping Phishing/Scam Attacks Rainer Duffner (Apr 28)
- Message not available
- Administrivia: RE: Discovering and Stopping Phishing/Scam Attacks Daniel Hanson (Apr 28)
- Re: Administrivia: RE: Discovering and Stopping Phishing/Scam Attacks Valdis . Kletnieks (Apr 29)
- RE: Discovering and Stopping Phishing/Scam Attacks webcenter (Apr 28)
- Re: Discovering and Stopping Phishing/Scam Attacks Steven (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks Alex (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks webcenter (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks Michael J. Pomraning (Apr 28)
- Re: Discovering and Stopping Phishing/Scam Attacks Andrew Kopp (Apr 28)