Phishing responses

Discussion in 'Computer Security' started by bland, Oct 28, 2005.

  1. bland

    bland Guest

    When I get a Phishing email about a bypothetical PayPal or Ebay account, I
    usually return some random data, with an invented witty but offensive
    password of the day, to the offending web page in the hope that who is doing
    it will waste a few minutes on trying it all out.

    Is this a good idea. If all the millions of target users did it, the
    phisher would get so snowed under with garbage information he or she
    couldn't function.

    bland
     
    bland, Oct 28, 2005
    #1
    1. Advertising

  2. bland

    Jim Watt Guest

    On Fri, 28 Oct 2005 08:22:30 +0100, "bland" <>
    wrote:

    >When I get a Phishing email about a bypothetical PayPal or Ebay account, I
    >usually return some random data, with an invented witty but offensive
    >password of the day, to the offending web page in the hope that who is doing
    >it will waste a few minutes on trying it all out.
    >
    >Is this a good idea. If all the millions of target users did it, the
    >phisher would get so snowed under with garbage information he or she
    >couldn't function.
    >
    >bland


    Better just report it to the target organisation if the site is
    active.

    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Oct 28, 2005
    #2
    1. Advertising

  3. "bland" <> wrote in message
    news:djsjjn$6d5$...
    > When I get a Phishing email about a bypothetical PayPal or Ebay account, I
    > usually return some random data, with an invented witty but offensive
    > password of the day, to the offending web page in the hope that who is
    > doing it will waste a few minutes on trying it all out.


    If this verifying step is done manually, maybe some minutes of the Phisher
    are wasted. However, it is no big effort to program a mechanism which try to
    login with the provided data. Only if the login was successfully the
    Phishing author will be informed. Note that Phishers are often very skilled
    people.

    Regards,
    Michael

    >
    > Is this a good idea. If all the millions of target users did it, the
    > phisher would get so snowed under with garbage information he or she
    > couldn't function.
    >
    > bland
    >
    >
     
    Michael Meckelein, Oct 28, 2005
    #3
  4. bland

    bland Guest

    "Michael Meckelein" <> wrote in message
    news:4361eb52$0$22541$-online.net...
    > "bland" <> wrote in message
    > news:djsjjn$6d5$...
    >> When I get a Phishing email about a bypothetical PayPal or Ebay account,
    >> I usually return some random data, with an invented witty but offensive
    >> password of the day, to the offending web page in the hope that who is
    >> doing it will waste a few minutes on trying it all out.

    >
    > If this verifying step is done manually, maybe some minutes of the Phisher
    > are wasted. However, it is no big effort to program a mechanism which try
    > to login with the provided data. Only if the login was successfully the
    > Phishing author will be informed. Note that Phishers are often very
    > skilled people.
    >
    > Regards,
    > Michael


    I think it has some effect as I usually get 4 or 5 attempted accesses to my
    firewall the day after I do this.

    bland
     
    bland, Oct 28, 2005
    #4
  5. From: "bland" <>

    | When I get a Phishing email about a bypothetical PayPal or Ebay account, I
    | usually return some random data, with an invented witty but offensive
    | password of the day, to the offending web page in the hope that who is doing
    | it will waste a few minutes on trying it all out.
    |
    | Is this a good idea. If all the millions of target users did it, the
    | phisher would get so snowed under with garbage information he or she
    | couldn't function.
    |
    | bland
    |

    It would be far better to submit any phishing attempt email to the Anti-Phishing
    Organization.

    http://www.antiphishing.org/report_phishing.html

    Just capture Full Headers and Body and send an email to;


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Oct 28, 2005
    #5
  6. bland

    Imhotep Guest

    David H. Lipman wrote:

    > From: "bland" <>
    >
    > | When I get a Phishing email about a bypothetical PayPal or Ebay account,
    > | I usually return some random data, with an invented witty but offensive
    > | password of the day, to the offending web page in the hope that who is
    > | doing it will waste a few minutes on trying it all out.
    > |
    > | Is this a good idea. If all the millions of target users did it, the
    > | phisher would get so snowed under with garbage information he or she
    > | couldn't function.
    > |
    > | bland
    > |
    >
    > It would be far better to submit any phishing attempt email to the
    > Anti-Phishing Organization.
    >
    > http://www.antiphishing.org/report_phishing.html
    >
    > Just capture Full Headers and Body and send an email to;
    >
    >
    >


    It is a good idea to forward the email by making it an attachment. This is
    better because the anti-phishing people need to see the full email headers.

    Imhotep
     
    Imhotep, Oct 28, 2005
    #6
  7. From: "Imhotep" <>



    | It is a good idea to forward the email by making it an attachment. This is
    | better because the anti-phishing people need to see the full email headers.
    |
    | Imhotep

    That will depend on the email application but it does NOT have to be an attachment.

    For example, in OE you can choose the properties --> details --> message source and use
    Ctrl-A and Ctrl-C to copy the full header and text and then paste it into a new message.

    In Pegasus Mail you can view it in Raw Mode and Ctrl-A and Ctrl-C to copy the full header
    and text and then paste it into a new message. You can also drag and drop the phishing
    email into the body of the new email.

    What I'm saying is it does not necessarily need to be an attachment.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Oct 28, 2005
    #7
  8. bland

    Imhotep Guest

    David H. Lipman wrote:

    > From: "Imhotep" <>
    >
    >
    >
    > | It is a good idea to forward the email by making it an attachment. This
    > | is better because the anti-phishing people need to see the full email
    > | headers.
    > |
    > | Imhotep
    >
    > That will depend on the email application but it does NOT have to be an
    > attachment.
    >
    > For example, in OE you can choose the properties --> details --> message
    > source and use Ctrl-A and Ctrl-C to copy the full header and text and then
    > paste it into a new message.
    >
    > In Pegasus Mail you can view it in Raw Mode and Ctrl-A and Ctrl-C to copy
    > the full header
    > and text and then paste it into a new message. You can also drag and drop
    > the phishing email into the body of the new email.
    >
    > What I'm saying is it does not necessarily need to be an attachment.
    >


    ....sure or you can simply forward the email as an attachment (which is
    probably the easiest way to do it).

    Imhotep
     
    Imhotep, Oct 28, 2005
    #8
  9. bland

    Beachcomber Guest


    >
    >...sure or you can simply forward the email as an attachment (which is
    >probably the easiest way to do it).
    >
    >Imhotep



    I usually forward the Phishing e-mails to or
    as appropriate and I get the routine form letter back
    saying "we will investigate".

    Does anyone know if these organizations really try to investigate and
    prosecute the phishers? Is there any track record of sucessful
    shutdowns and prosecutions?

    Or is it just good public relations for them to feign concern for
    their clients, but not really do anything...

    Beachcomber
     
    Beachcomber, Oct 28, 2005
    #9
  10. From: "Beachcomber" <>


    |
    | I usually forward the Phishing e-mails to or
    | as appropriate and I get the routine form letter back
    | saying "we will investigate".
    |
    | Does anyone know if these organizations really try to investigate and
    | prosecute the phishers? Is there any track record of sucessful
    | shutdowns and prosecutions?
    |
    | Or is it just good public relations for them to feign concern for
    | their clients, but not really do anything...
    |
    | Beachcomber
    |

    You'll notice that the major AV companies are working with the APWG. The get samples and
    wrie signatures for the AV software so email can be detected with said signatures.

    Below is such an exmple...
    Phish-BankFraud.eml.f -- http://vil.nai.com/vil/content/v_131770.htm

    Also note the US CERT is a working partner with the APWG.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Oct 28, 2005
    #10
  11. bland

    Imhotep Guest

    Beachcomber wrote:

    >
    >>
    >>...sure or you can simply forward the email as an attachment (which is
    >>probably the easiest way to do it).
    >>
    >>Imhotep

    >
    >
    > I usually forward the Phishing e-mails to or
    > as appropriate and I get the routine form letter back
    > saying "we will investigate".
    >
    > Does anyone know if these organizations really try to investigate and
    > prosecute the phishers? Is there any track record of sucessful
    > shutdowns and prosecutions?
    >
    > Or is it just good public relations for them to feign concern for
    > their clients, but not really do anything...
    >
    > Beachcomber



    I have noticed that when I have forwarded the phishing email, a couple of
    days later the site is down....
     
    Imhotep, Oct 28, 2005
    #11
  12. bland

    Jim Watt Guest

    On Fri, 28 Oct 2005 13:35:56 -0400, Imhotep <>
    wrote:

    >...sure or you can simply forward the email as an attachment (which is
    >probably the easiest way to do it).


    not with Eudora 3 which I use, however I do include full headers
    in the forwarded email
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Oct 28, 2005
    #12
  13. bland

    Jim Watt Guest

    On Fri, 28 Oct 2005 18:10:54 GMT, (Beachcomber)
    wrote:

    >Does anyone know if these organizations really try to investigate and
    >prosecute the phishers? Is there any track record of sucessful
    >shutdowns and prosecutions?


    paypal seem to close sites.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Oct 28, 2005
    #13
  14. "Imhotep" <> wrote in message
    news:...
    > David H. Lipman wrote:
    >
    > > From: "Imhotep" <>
    > > | It is a good idea to forward the email by making it an attachment.

    This
    > > | is better because the anti-phishing people need to see the full email
    > > | headers.
    > > |
    > > | Imhotep
    > >
    > > That will depend on the email application but it does NOT have to be an
    > > attachment.
    > >
    > > For example, in OE you can choose the properties --> details --> message
    > > source and use Ctrl-A and Ctrl-C to copy the full header and text and

    then
    > > paste it into a new message.
    > >
    > > In Pegasus Mail you can view it in Raw Mode and Ctrl-A and Ctrl-C to

    copy
    > > the full header
    > > and text and then paste it into a new message. You can also drag and

    drop
    > > the phishing email into the body of the new email.
    > >
    > > What I'm saying is it does not necessarily need to be an attachment.

    >
    > ...sure or you can simply forward the email as an attachment (which is
    > probably the easiest way to do it).


    ....and the one most likely to be automatically blocked, or unreadable to an
    automated system. The Clarify helpdesk at w*rk, for example, doesn't even
    attempt to open mails with attachments, but simply dumps them in a bin for a
    human to look at.

    Since these sites must receive the same phishing email thousands of times,
    my assumption would be that they are scanned mechanically for URLs. And
    placing the full message contents in the body of the email would be the
    easiest way to help them do something about the phish.

    Don't forget - the headers tell 'em where it came from, but they need the
    body of the email to locate the actual website.

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Oct 29, 2005
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. nospam

    Loss of DNS/ARP responses from Linksys WAG54G

    nospam, Feb 12, 2005, in forum: Wireless Networking
    Replies:
    6
    Views:
    2,666
    nospam
    Feb 15, 2005
  2. George W. W.

    Tiscali robotic responses ?

    George W. W., Sep 14, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    479
    Mikish
    Sep 14, 2004
  3. twixs

    Spybot responses.

    twixs, Aug 24, 2005, in forum: Computer Support
    Replies:
    2
    Views:
    655
    trout
    Aug 24, 2005
  4. ArtKramr

    A gig of RAM...107 responses.

    ArtKramr, Oct 12, 2003, in forum: Digital Photography
    Replies:
    3
    Views:
    363
    Steve Young
    Oct 16, 2003
  5. DFS
    Replies:
    13
    Views:
    487
    John McWilliams
    Apr 27, 2006
Loading...

Share This Page