No thanks for all the phish

9 Jan 2006

I'm used to report phishing when I get one in my mailbox. Last Thursday (Jan 5) I received one attempt disguised as an eBay email asking me to verify my identity. I went to eBay.com, only to discover that they've removed all practical means to report such abuse. In order to report a security issue to eBay, you have to go through a registration process, which is utterly ridiculous.

So I reviewed the source of the email, did a whois on the phisher site, found that it was hosted by Telefonica in Spain and reported it to the abuse address listed on the IP range in the whois. Today I received confirmation from Telefonica that they shut the site down. Kudos to them for this, and taking the time to reply to me! eBay should thank them too, they care more about the security of eBay customers than eBay itself, apparently.

Speaking of phishing, I just discovered this anti-phishing group (heh, I see eBay has a prominent place on the sponsors list). Also Netcraft has an anti-phishing toolbar. I've tested neither of those, but I think that if there was some internet-scale way to submit a suspicious email and get the providers co-operate a bit, phishing attempts would not fly long before being caught and stopped.

Posted by François Nonnenmacher on Monday, January 9, 2006 at 2:22 PM

Filed in

2 Comments

I recently received an email to update my Amazon account while I use only my wife's account on Amazon, so I haven't been caught in the trap but indeed I didn't spend too much time trying to fight the phishing.

Internet Merchants should also warn more often on their Website that they never send emails to their customers to update/check account information so that if you get one it's PHISHING (except for domain name networksolutions.com ...)

Ray CHOW | January 9, 2006 6:46 PM | Reply

There will be a workshop this week in New-York on security.
http://www.w3.org/2005/Security/usability-ws/

"Toward a More Secure Web
W3C Workshop on Transparency and Usability of Web Authentication"

You can read the position papers from the different companies, browser vendors, etc.
http://www.w3.org/2005/Security/usability-ws/papers/

And the program of the workshop
http://www.w3.org/2005/Security/usability-ws/program

;)

karl | March 14, 2006 4:02 AM | Reply

Leave a comment

Gallery

Prev Next

Recent Entries

  • Moving on

    If everything goes well, next week I shall be the happy founder and owner of a shiny brand new company, under which I'll incorporate my...

  • Movable Type 4.2 is out

    Movable Type 4.2 is here with a lot of good news and new features. The new set of licences, if I get things correctly, is...

  • Using Movable Type as a CMS and NewsML feeds generator

    I'm putting the last touches on a CMS to generate custom NewsML feeds for internet portals. It's based on Movable Type 4.2 and allows for...

  • Google lets GMail certificate expire

    This expired certificate alert just showed up for my GMail account. Apparently Google let the SSL certificate expire for the smtp.gmail.com domain. In the...

  • Bon appétit

    We wanted to strip away all the nonsense. Do we really need a sommelier? Do we really need all the other accoutrements that you see...

Close