[nospam] Article: Fighting Phishing

  • From: "Jim Kenzig http://thethin.net" <jimkenz@xxxxxxxxxxxxxx>
  • To: nospam@xxxxxxxxxxxxx
  • Date: Mon, 15 Dec 2003 13:13:10 -0500

Fighting Phishing
http://www.pcmag.com/print_article/0,3048,a=114170,00.asp
December 8, 2003 By Sebastian Rupley
Phishing, e-mail and Web-based efforts by online scammers to hijack personal
information from unsuspecting users, faces a new obstacle. A group of global
banks and technology companies have joined forces to fight the scams. The
group is running a Web site, Anti-Phishing.Org (www.antiphishing.org
<http://www.antiphishing.org>), where those who have received phishing
messages can report them, and personnel will follow up by trying to track
down the originators of the scams. Tumbleweed Communications started the
Anti-Phishing.Org effort with the participation of a number of banks (the
majority of phishing e-mails appear to come from financial institutions),
but the list of partners now includes many technology companies. Bank of
America and Wells Fargo were among some of the early banks to form
partnerships with Anti-Phishing.Org, says Dave Jevans, senior vice-president
of marketing at Tumbleweed Communications. "We're putting an infrastructure
in place so there will be people who can respond to phishing reports in a
timely fashion," says Jevans. "That's critical because the Web sites
designed for collecting personal information in phishing attacks are often
only in place for a day or two." Following his interview with PC Magazine,
Jevans forwarded an example of a current phishing attack that the
Anti-Phishing.Org team was tracing on Monday morning. The e-mail in question
appeared to come from UK bank NatWest, and asked for personal account
information to be provided at a Web address. Anti-Phishing.Org personnel
were able to track the IP address the e-mail was sent from, and although
officials think the e-mail originated in Europe, the IP address of the
message turned out to be for a computer in San Francisco. Anti-Phishing.Org
officials, with the help of Pacific Bell, turned up the name and street
address for the owner of the computer immediately after the phishing message
had been sent. Clearly, though, the message was spoofed?relayed from a
hijacked computer, making the true origin hard to trace. "The owner of the
computer probably had no idea he'd been hacked," says Jevans. The
Anti-Phishing.Org team is currently tracing about 20 reports of phishing
attacks, according to Jevans. "It's very hard to put real numbers on the
damages companies are suffering because of phishing," he adds. "Part of that
is because the major banks don't want to divulge the amount of losses
they're seeing for fear that it will damage their online banking businesses.
But just to give one rough example, a major Australian bank has put several
million dollars in reserve since August to cover damages from phishing."
Phishing attacks can appear to come from places other than financial
institutions <http://www.eweek.com/article2/0,4149,1401000,00.asp>, though.
As PC Magazine reported on December 3
<http://www.pcmag.com/article2/0,4149,1402431,00.asp>, the magazine's
editors received a phishing message purportedly sent by eBay, complete with
a very official-looking eBay logo and header. That attack was followed up by
another official looking message received by a contributor to the magazine
in which the message appeared to be from Visa. Jevans was aware of the Visa
scam making the rounds. One of the primary rules in avoiding being a victim
of phishing is to never respond to e-mail requests for personal and
financial information. Jevans says it's no surprise that phishing messages
often appear to be very official-looking communications from big companies
and are increasingly well edited. "The people behind these attacks are
getting smarter," he says, "because they realize there's something to this
now. There's money."


Copyright (c) 2003 Ziff Davis Media Inc. All Rights Reserved.



****************************************************
To unsubscribe from this list go to:
//www.freelists.org/list/nospam 
****************************************************

Other related posts:

  • » [nospam] Article: Fighting Phishing
  1. Home
  2. nospam
  3. Archive
  4. 12-2003