PaulDotCom mailing list archives

Re: How to detect phishing and spoofed websites


From: Robert Cazares <robertcazares () gmail com>
Date: Thu, 13 Dec 2012 14:52:50 -0800

Aye mateys and mateyettes,

I'm such a stickler for review, review, review, have someone else
review, then maybe review again, then release to the wild.

What I refer to is a typo in the morningstarsecurity.com/research/urlcrazy page.

And that typo is a reference to google.com that is spelled "goole.com".
Silly, I know. But when you're talking about a tool that checks for
these types of things, phishing/spoofing, one-letter-off web site
names and their brethren, please please please spell check before
releasing.
Whew (. . .)

----------------------------------------------------------------------------------------------------------------
Find it here -
-------------------------------
Popularity Estimate

We can estimate the relative popularity of a typo by measuring how
often that typo appears on webpages. Querying goole.com for the number
of search results for a typo gives us a indication of how popular a
typo is.
-------------------------------
----------------------------------------------------------------------------------------------------------------

I have not run the tool myself, BUT it looks like a great tool to have
in your kit.

I have security questions and will return soon enough.

Six, two and even
Over and out

- Robert

On Thu, Dec 13, 2012 at 7:09 AM, swierckxlists <swierckxlists () gmail com> wrote:
Hi Brian,

Part of the research/finding out if this is happening to you or your company
can be automated using the URLCrazy tool
(http://www.morningstarsecurity.com/research/urlcrazy). The tool has been
reviewed / described in this blog post:
http://www.ihackforfun.eu/index.php?title=urlcrazy-is-someone-spying-on

Strider is a similar tool by Microsoft, but URLCrazy is open source and can
be adapted to your needs if further automation is needed.

Greets

Steven

On 12/12/2012 15:43, Brian Erdelyi wrote:

Good morning everyone,

I'd like to create a guide and checklist for detecting phishing attacks.
I want to focus on server side.  What can a website admin do to detect
phishing attacks and spoofed websites?  What can a web app developer do to
make it easier to detect phishing attacks and spoofed websites?
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
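
The one-letter-off check discussed in this thread, as an added example that is not part of any message above and is not URLCrazy's code: it classifies observed domain names by the single-character edit that separates them from a protected domain, so that "goole.com" is reported as an omission typo of "google.com". It assumes bare `label.tld` names; `classify_typo`, `triage` and the sample list are hypothetical and constructed for illustration.

```python
# Added example (not URLCrazy's code): label domains that are exactly one
# typing error away from a domain you want to protect.
PROTECTED = "google.com"  # the domain named in the thread

# Constructed sample input, e.g. names pulled from a registration feed.
OBSERVED = ["goole.com", "googel.com", "gooble.com", "googlee.com",
            "google.com", "example.com", "google.net", "mail.google.com"]


def classify_typo(candidate, protected=PROTECTED):
    """Return the typo class of candidate relative to protected, or None."""
    # Assumption: names are plain label.tld; anything else fails the TLD check.
    cand, _, cand_tld = candidate.lower().rstrip(".").partition(".")
    prot, _, prot_tld = protected.lower().partition(".")
    if cand_tld != prot_tld or cand == prot:
        return None
    if len(cand) == len(prot):
        diff = [i for i in range(len(prot)) if cand[i] != prot[i]]
        if len(diff) == 1:
            return "replacement"
        # Two adjacent positions holding each other's characters.
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and cand[diff[0]] == prot[diff[1]]
                and cand[diff[1]] == prot[diff[0]]):
            return "transposition"
        return None
    short, longer = sorted((cand, prot), key=len)
    if len(longer) - len(short) != 1:
        return None
    # Removing one character from the longer label must give the shorter one.
    if any(longer[:i] + longer[i + 1:] == short for i in range(len(longer))):
        return "omission" if len(cand) < len(prot) else "insertion"
    return None


def triage(domains, protected=PROTECTED):
    """Map each look-alike domain to its typo class; unrelated names are dropped."""
    hits = {}
    for name in domains:
        kind = classify_typo(name, protected)
        if kind:
            hits[name] = kind
    return hits


if __name__ == "__main__":
    for name, kind in triage(OBSERVED).items():
        print(f"{name}: {kind} typo of {PROTECTED}")
```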