The cleverness of email phishers

The Cleverness of Email Phishers

Blog Picks — Tue, 13 Jan 2009 23:32:56 GMT

The Cleverness of Email Phishers Read all about one of our members thoughts about Email phishers. Created

re: The cleverness of email phishers

Drinksabit — Wed, 14 Jan 2009 22:10:20 GMT

One could start with their states' Atty. Gen., not that they are likely to do anything. But, hey, it's a place for someone to start. It is my opinion that if they get enough complaints from their own state, they just might look into it... mabye not. Of course a large campaign contribution ... oh, I'm not going to finish that thought.

re: The cleverness of email phishers

Gametech — Thu, 15 Jan 2009 20:13:14 GMT

Well part of the issue is that American Law (and most others for that matter) requires a lot of time to adapt itself to new circumstances. Most of the systems setup in our country have been in place for at least a hundred years. There have been police and courthouses since there were towns in America thus we have a system that works decently (as in your example). The internet has gone from non-exsistant to a world-wide phenomenon in like what? 25 years? less?

Not to say this is an excuse but it definitly serves as evidence that our lawmakers and enforcers are simply running to catch up to the problems found in cyber space today. The internet is much like an undiscovered country right now, all kinds of people are exploring and exploiting it for different reasons but there's nothing to keep them from being attacked, or attacking someone else without recourse.

I will say that I believe the first course of action from the authorities would be to have a better way of monitoring the internet. Currently, there's nothing they really can do to tell if you've been hacked other than what you tell them, that's like you saying someone stole your thoughts, there's not really any way they can monitor what was taken vs. what may not have been there in the first place. Thus without evidence many of our current law enforcement measures don't hold up.

Like you said if you had backed up the data, maybe something could be done, but again I compare it to settlers colonizing a new world, most internet users are like pilgims in a canoe, no protection, no tools or knowledge of what's out there. Sure some of us have knowledge and tools but still get raided by indians...the point is without a governing authority in this new world whomever has the sharpest wit will prevale.

re: The cleverness of email phishers

daniel88c — Fri, 16 Jan 2009 14:14:38 GMT

Personally, I think that it will and continue to happen.

That's almost like saying the police is going to stop organized crime. Ha!

re: The cleverness of email phishers

Rangertech724 — Thu, 29 Jan 2009 18:52:33 GMT

Not sure how familar you all are with forensic tools on the computer, but I can tell if somthing was there and when it was taken. I can even tell if you tried to delete somthing and find it in the hard drive after you think you have deleted it. One of the simple tools used is FTK. Google it you will be surprised what is there when most people think somthing is gone. As for real time monitoring this is impossible, simple too much traffic and too many packets to sift through for real time who is doing what type of information.

To some extent you can also tell what information was on a drive, but that can be tweaked with by an experienced intruder with good tech skills.

re: The cleverness of email phishers

PapaHomer — Sat, 31 Jan 2009 23:00:19 GMT

Hey Capt

"I feel your pain". I have a Yahoo and a Gmail acct. I seem to get more spam/phishing emails on Yahoo...but their spam filter is pretty good. I'm thinking that they probably prevent a lot more.

At one time I would forward emails with headers to the spammer's ISP, attorney general, uce@ftc.gov, etc. However, that worked well..."not so much". I think I actually started getting more.

Lately I have noticed more of the phishing and less of the spam. The phishing emails have all of the graphics and the look of something official. Two tips that I would give to anybody are:

1) If it seems suspicious and/or unsolicited, trust your gut.

2) If you mouse over (do not click) the links in the email and the real URL that shows up is some IP address or any address other than the company you have proof.

I have forwarded the phishing emails to the banks and financial institutions they were posing as. Most legitimate sites have addresses where you can report phishing to.

abuse@chase, etc

Peace...PH

re: The cleverness of email phishers

Fizzter — Tue, 10 Feb 2009 13:39:50 GMT

Your thoughts are on the right track. I have worked in the email security space and seen the millions of emails that get sent to companies and some of the ever-evolving tactics.

One of my particular favorites from back in the day was a money making attempt based on stocks. (They're all based on money.. money drives everything). The spammers send out millions of emails telling people to buy a certain stock. Maybe 1% of those people bite, and this temporarily drives up the popularity and price. The spammers sell for profit.

The problem is out there, and even with ever-evolving filters and software, it isn't going away. The AV-software paradigm is a falacy itself, doomed to failure. The proper long-term protection should be proper education and use, perhaps in combination with behavioral technology rather than signature based. It goes along the same lines as abstinance-only teaching in schools, but I dare not get into that shenanigan...

Right now, the education isn't there, and shoddy AV products and mail filters are the best we can do. Teaching this to kids in schools isn't going to work yet, either, because the people running those schools typically don't have the knowledge to realize they have this large gap.

A general tip for email--don't click on links. Always go directly to the site yourself. If you're unsure whether or not the site is the "real deal", log in with a fake username/password first. The real site will deny it, but a fake site will take it as harvested data.

The general rule is that if your AV product is catching stuff, then you aren't using the computer properly, and you're probably already infected. :)

Good luck!

re: The cleverness of email phishers

Allen750 — Sun, 15 Feb 2009 01:02:56 GMT

Well, I create a filter in Gmail with my own signature as the special rule and everything else goes to the crapper.