Can Teamwork Stop Phishing?
from the wishful-thinking... dept
While eBay seems to be moving away from email as a method to stop phishing scams, a number of common phishing targets have all teamed up to “share” info on phishing scams. I’m sure the phishing site operators are really, really afraid now. While it obviously can’t hurt for these companies to share info, that’s hardly a major initiative to stop phishing from happening. These companies should have realized a long time ago the importance of sharing information — and, if anything, it’s a bit scary that they’ve only decided to do so at this point. As we’ve pointed out before, phishing is at its core a bit of social engineering designed to trick people into believing something. It’s not so much a technical trick (though technical tricks are being used to help move along the charade), and attempts by tech companies to take a tech approach to solving the issue may find it much more difficult than they imagined.
Comments on “Can Teamwork Stop Phishing?”
No Subject Given
Too true. I’ve been writing about PayPal phishing since June 2002. The only way to avoid phishing scams is to never click on a link to a log-in page, yet I continue to get emails from financial institutions with such links. All companies need to emphasize that users should log in to their accounts through their browsers. There is no technology fix for scams involving social engineering. It’s appalling the lack of industry cooperation with regard to fraud; this will hurt ecommerce.
No Subject Given
Just a curiosity thing that I’ve always wondered about Phishing scams: The good looking, but bogus, link points somewhere… How come the bogus server is on the air 10 minutes after the legitimate institution gets a copy of the phish? I.E. Why doesn’t Citibank, Paypal, whomever go after the server with all guns blazing? These things are clear fraud, they should be able to get law enforcement engaged very quickly and raid the site?
phishing
The best way to discourage phishing is to encourage everyone to respond with bogus information–flood the phishers with noise.
Citizens stop phishing on their own?
Maybe someone’s already doing this, maybe it’s time someone did. Why doesn’t someone develop a “shared bandwidth” 1-time DoS hub and allow volunteers to first verify a phishing site (multiple people for authenticity) and allow ‘members’ of the site to donate a very small part of their bandwidth each to hammer on the phishing site(s)? I believe it could be legal if the volunteers who were *cough* “looking at the phishing site to see if it were still online” just had a browser on refresh… for most of these phishing sites.. they are going to choke/be rendered useless, or have the plug pulled for exceeding allowed bandwidth very quickly. Safeguards and checks would have to be put in place.. obviously… but the sequence would go something like:
1. Phishing Site Reported
2. Notice sent to ‘verification team’ a team of verified volunteers who would each login to a hub/secure server to approve/disapprove the ‘listing’ of the reported site.
3. When x-number of ‘verifications’ happen.. the site is listed online or sent via dispatch to the “browsing volunteers”.
4. They ‘browse the site’ until they receive notice it’s down. Once notice is received… they give the ISP back his bandwidth.
Is it vigilantism or is it civil justice? We built the Internet, we the global users also must protect it. IF I see enough positive responses to the idea, I will donate or assist with building a hub for the purpose.