Toxic phishers scam the unwary
Published: 12 Jan 2004 15:55 GMT
Users can achieve some success in shutting down suspect pages. When I contacted eBay's public relations department about one of the PayPal phishers that had come my way, the company asked me to file the report to the email address spoof@ebay.com, where it collects all reports of this nature. About two weeks passed between the time when I first received the email and when I finally forwarded the email and its header to that address. During that entire time, the page remained active. Within 24 hours of filing the report, I received a reply from eBay confirming that the page was fraudulent and that the company had taken action. To no avail, I tried to return to the offending page with my browser. EBay obviously has some clout. When I asked for more details about its process for handling my report and whether eBay would try to track down the bad guys, the company refused to comment. According to Jevans, this is not uncommon. Although the Anti-Phishing Work Group has a blue-blooded membership consisting of major financial institutions and Fortune 500 companies, most of them would just as soon not be mentioned in stories that have to do with phishing.
"On the technology front, since phishing is spam, the same tools to combat spam such as Web and email filtering are one approach," Jevans said. "But we also recommend that companies regularly scan the DNS to see if domains with a close resemblance to their own are being registered. When Visa was targeted last month, the phisher used the domain visa-security.com. Also, banks are starting to digitally sign their emails, which in turn requires that end users be educated on how to discern between an email that's been legitimately signed and one that's not."
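The domain check Jevans describes can be sketched as follows. This is an added example, not code from the article or from the Anti-Phishing Working Group; it assumes the candidate names have already been pulled from a zone file or registration feed, and the brand list, function names and sample domains (other than visa-security.com) are constructed for illustration.

```python
import re

# Assumed for illustration: brand keyword -> domains the company really owns.
BRANDS = {"visa": {"visa.com"}, "paypal": {"paypal.com"}, "ebay": {"ebay.com"}}
# Common digit-for-letter swaps, folded back before comparison.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str):
    """Return (brand, reason) if the domain resembles a brand, else None."""
    domain = domain.lower().rstrip(".")
    owned = [o for names in BRANDS.values() for o in names]
    if any(domain == o or domain.endswith("." + o) for o in owned):
        return None  # the company's own domain, or a subdomain of it
    # Drop the TLD, then split what is left on dots and hyphens.
    tokens = [t for t in re.split(r"[.-]", domain.rsplit(".", 1)[0]) if t]
    for brand in BRANDS:
        for tok in tokens:
            folded = tok.translate(HOMOGLYPHS)
            if tok == brand:
                return brand, "brand used as a token"
            if folded == brand:
                return brand, "homoglyph substitution"
            # Near-miss matching is limited to longer brands: one edit away
            # from a four-letter word hits too many ordinary words.
            if len(brand) >= 5 and edit_distance(folded, brand) == 1:
                return brand, "one edit from brand"
    return None


# Constructed sample input; only visa-security.com appears in the article.
CANDIDATES = ["visa-security.com", "visa.com", "paypa1.com", "paypall-login.net",
              "secure.paypal.com", "vista-windows.com", "example.org"]


def scan(domains):
    """Map each suspicious domain to the brand it imitates and why."""
    return {d: hit for d in domains if (hit := classify(d))}
```

Run against a daily list of new registrations, `scan` returns only the names worth a manual look; the company's own domains and unrelated names such as vista-windows.com drop out.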
From a social perspective, education is key. For example, users need to be schooled on how to spot fraudulent mail and what to do about it. Whereas eBay has a process in place, other institutions may not. Jevans said anyone can file a phishing report at www.antiphishing.org.
Companies that are interested in developing an acute awareness of the phishing problem could benefit from joining antiphishing.org. The members share intelligence and ideas on how to deal with the problem. The organisation is also associated with several other prominent industry working groups. Jevans said membership is open to businesses that pass the organisation's litmus test (to keep phishers from getting inside), and that its next confab is in New York City on 29 January.
Oh, and if you go, be sure to hang a sign on your office door that reads "Gone Phishin'." At the very least, your co-workers will ask what it means and thus, the education process within your company can begin.







