Re: How to detect phishing and spoofed websites

[Bill Swearingen <hevnsnt () i-hacked com>]

I have found that an email to the hosting company to be very successful,
even in other countries.
On Dec 12, 2012 7:14 PM, "allison nixon" <elsakoo () gmail com> wrote:

> As a web app developer, I'm not sure how your responsibilities would apply
> to dealing with phishing sites.  Are you maintaining a website and people
> are creating phishing sites mimicking yours?  If so, pls read the following
> wikipedia entry:
> http://en.wikipedia.org/wiki/Backscatter_(email)
>
> also, phishers typically dump people onto the real website after they have
> fallen for the scam so it would be wise to locate some of the phishing
> pages imitating your site, "falling" for the scam yourself, and looking at
> the pattern of traffic that ends up going to your site.  Other IPs with the
> same pattern of traffic could have their accounts compromised.  Finally,
> once you've found the site, you could file dmca complaints, and you would
> have good standing to do so, but it probably wouldn't help you anyways.
>  Phishing websites are disposable.  I have seen people attempt to fill in
> the phishing site with lots and lots of garbage info to make the operation
> unprofitable, as well as locating the caches of stolen credentials on the
> server, but that begins to fall into a very grey area and you can make your
> own decisions on the matter.  You could also create fake accounts and enter
> them into known phishing sites, and track the activity of any IP that
> attempts to log into those accounts.  Typically the attacker attempts to
> log in with many usernames from its stolen credential cache, and you might
> even want to lower your login security to allow for many different logins
> from one IP, so they don't need to recycle IPs and are easier to track.
>
> Of course, do what makes sense for your situation.
>
> -Allison Nixon
>
> On Wed, Dec 12, 2012 at 1:25 PM, xgermx <xgermx () gmail com> wrote:
>
> > Check for encoded javascript/php, check any redirects, check for any 1x1
> > iframes, etc
> > wget/curl scripting can really do a lot for you and if you want to roll
> > up your scripting sleeves, you can leverage the VirusTotal API.
> > https://www.virustotal.com/documentation/public-api
> >
> >
> > On Wed, Dec 12, 2012 at 8:43 AM, Brian Erdelyi <brian_erdelyi () yahoo com>wrote:
> >
> > > Good morning everyone,
> > >
> > > I'd like to create a guide and checklist for detecting phishing attacks.
> > >  I want to focus on server side.  What can a website admin do to detect
> > > phishing attacks and spoofed websites?  What can a web app developer do to
> > > make it easier to detect phishing attacks and spoofed websites?
> > >
> > > Brian
> > >
> > > Sent from my iPhone
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom () mail pauldotcom com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
>
> --
> _________________________________
> Note to self: Pillage BEFORE burning.
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com