|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Discovering and Stopping Phishing/Scam Attacks
From: Lode Vermeiren (lode
linu.cx)
Date: Tue Apr 26 2005 - 15:51:21 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 26 Apr 2005 stevenlovebug.org wrote:
> > As we have all noticed, there has increase in the number of phishing/scam
> > attempts via e-mail that appear to be legitimate. Most of
> > and e-mails do not host their own images. From what I have seen, more
> > often than not, these e-mails and websites link directly to images hosted
> > by the legitimate website.
> > Since they are linking to the images hosted on the site they are cloning
> > -- the banking/e-commerce website could just rename their images on
> > their own webpage every so often (and update their webpages accordingly).
Op di, 26-04-2005 te 13:13 -0700, schreef Randy:
> Seems like a maintenance nightmare waiting to happen.
>
> ~randy
Renaming the files would indeed be a maintenance nightmare, but I don't
see a reason why the webserver hosting the image can't do a referrer
check, and only serve the real images if they are being loaded from the
real domain. In all other cases they could return a "THIS IS A FAKE
PAGE" image, or perhaps even some shock site[1]
Lode
[1] please don't follow any of the links on
http://en.wikipedia.org/wiki/Shock_site
You have been warned.
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]