Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Discovering and Stopping Phishing/Scam Attacks

from [steven] Network Security [Permanent Link]
Subject: Discovering and Stopping Phishing/Scam Attacks
Date: Tue, 26 Apr 2005 12:59:05 -0700 (PDT) 
As we have all noticed, there has increase in the number of phishing/scam
attempts via e-mail that appear to be legitimate.  Most of
these e-mails look identical to e-mails that would be sent by the
e-commerce or banking institute.  They also frequently link to
fraudulent/hacked webservers that also appear very similar to the website
they are masquerading as.

I noticed quite some time ago is that most of these websites
and e-mails do not host their own images.  From what I have seen, more
often than not, these e-mails and websites link directly to images hosted
by the legitimate website.  For example, I just received an eBay scam
asking me to signup to be a PowerSeller.  The PowerSeller artwork, logos,
and other images are all linked directly from eBay.  So this makes me
realize that there are a few things some of these targeted
websites/businesses can do to detect these scam sites much quicker.  I
have made this suggestion to a few banking institutions in the past, and I
have no idea if anyone has actually decided to implement my ideas or not
-- but they seem pretty feasible.

Since they are linking to the images hosted on the site they are cloning
-- the banking/e-commerce website could just rename their images on
their own webpage every so often (and update their webpages accordingly). 
However, at the same time they should keep copies of the images with their
old names.  Now they can check their logs to see what webpage(s) are
accessing these old image names.  Chances are they will link directly back
to the hacked website purporting to be their page.  This would allow for
quicker detection of this phishing and scam websites, providing a slight
leg up for sites trying to fight this.

Just an idea -- let me know if anyone has any comments.

Steven
steven@lovebug.org

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] [ GLSA 200504-27 ] xine-lib: Two heap overflow vulnerabilities, Thierry Carrez
Next by Date:  [Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability, Zinho
Previous by Thread:  [Full-disclosure] [ GLSA 200504-27 ] xine-lib: Two heap overflow vulnerabilities, Thierry Carrez
Next by Thread:  Re: Discovering and Stopping Phishing/Scam Attacks, Randy
Indexes:  [Date] [Thread] [Top] [All Lists]