Interesting People mailing list archives

Re: Amex goes phishing


From: David Farber <dave () farber net>
Date: Fri, 23 Jan 2009 09:08:49 -0500



Begin forwarded message:

From: Rich Kulawiec <rsk () gsp org>
Date: January 22, 2009 9:44:20 PM EST
To: David Farber <dave () farber net>
Cc: "James J. O'Donnell" <provost () georgetown edu>
Subject: Re: [IP] Amex goes phishing


On the topic of phishing, and steps companies like Amex can take
to mitigate it, here's a re-cast of something I wrote the other day:

I'd prefer my bank to not send email which includes any URLs.

If they never send any, they can never typo them. (Nor can they do anything
silly with them, such as James describes.)  Nor can I typo them, when
copying them from email by hand or cut-and-pasting.  If I rely solely on
the single URL for them I entered -- very carefully, by hand, once --
then my chances of ever going to a phish/typosquatted site drop considerably.

To undercut this, an attacker would need to gain control of the place
I've stored that URL, which would require gaining control of my computer,
which would mean that there would be no need for them to bother sending
me a phish, because they could just extract the URL/username/password
triplet directly the next time I used it.

Moreover, if the bank trained all their customers in this -- just like
they [try to] train them that they will never, ever ask for a password
-- then they'd be training their customers to be phish-resistant, since
they'd know that any message with a putative URL for the bank is a phish.


And if I might add something to that: one of the other ways to reduce the
attack potential is to reduce the number of phish/typosquatted domains.
(A quick check of my data indicates over a thousand just for Paypal,
and I'm sure my list is far from complete.)  Registrars, DNS providers,
web hosts, ISPs, mail providers, etc. should all be using simple regular
expression checks to vet new domains signing up for their services,
and flagging for human review any that match.

---Rsk
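One way to implement the registrar-side vetting check suggested in the last paragraph, added here as an example and not taken from the original message or from any registrar's system; the protected-brand list, the allowlist and the batch of registration requests are constructed for illustration:

```python
import re

# Constructed brand list and allowlist for this example (hypothetical values;
# a real registrar would maintain these per brand owner).
PROTECTED_BRANDS = ["paypal", "amex"]
ALLOWLIST = {"paypal.com", "amex.com"}

# Look-alike substitutions commonly seen in typosquatted names. Each letter of
# the brand is widened to a character class so swaps such as "paypa1" or
# "payp4l" still match.
HOMOGLYPHS = {
    "a": "[a4@]", "e": "[e3]", "i": "[i1l|]", "l": "[l1i|]", "o": "[o0]",
    "s": "[s5$]", "m": "(?:m|rn)", "w": "(?:w|vv)", "t": "[t7]",
}

def brand_pattern(brand):
    """Regex matching the brand as a substring, tolerating homoglyph swaps and
    optional '-' or '.' separators between letters (e.g. 'pay-pal')."""
    parts = [HOMOGLYPHS.get(ch, re.escape(ch)) for ch in brand]
    return re.compile("[-.]?".join(parts))

PATTERNS = {b: brand_pattern(b) for b in PROTECTED_BRANDS}

def vet_domain(domain):
    """Return the protected brands a requested domain resembles.
    Empty list: no flag. Non-empty: queue the request for human review.
    Caveat: IDN (xn--) homographs use non-Latin confusables and need a
    confusables table beyond these ASCII classes."""
    name = domain.strip().lower().rstrip(".")
    if name in ALLOWLIST:
        return []
    return [b for b, pat in PATTERNS.items() if pat.search(name)]

def review_queue(requests):
    """Run the check over a batch of registration requests and return
    (domain, matched brands) pairs that a human should look at."""
    queue = []
    for d in requests:
        hits = vet_domain(d)
        if hits:
            queue.append((d, hits))
    return queue

if __name__ == "__main__":
    # Constructed sample batch of registration requests.
    sample = ["paypal.com", "paypa1-login.net", "secure.pay-pal.org",
              "amexcardservices.info", "example.org", "rnyamex.co"]
    for domain, brands in review_queue(sample):
        print(f"FLAG {domain}: resembles {', '.join(brands)}")
```

The regex is deliberately loose, so legitimate names can match too; that is why matches go to human review rather than automatic rejection, as the message proposes.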
