Phishing and Fraud Prevention Resources
Courtesy of Core Competence, Inc.
|
Recognizing and responding to spoof email messages Even the best of antispam measures may not be enough to protect
you from spoof email messages. By spoof email, I mean a message
that appears to be from a party you know - most commonly, an
ecommerce site, financial institution, even your IT
department - but in fact, is a bogus message, with a
malicious intent. More... Anti-phishing measure: User Behavior Modification Recently, a fellow security professional asked if he could use some of my anti-phishing material in a presentation he was preparing for an upcoming CSI conference. Revisiting the presentation I gave at IPComm 2004, I recalled (and related) a dialog I had with an attendee about an interesting behavior modification program. Blue Security: Your Right to Complain Blue Security's approach to combatting spam has attracted its fair share of criticism. Blue combines a proactive Do Not Mail Registry with an automated protest campaign against spammers. Most of the criticism is off target. In several articles, it's clear the critics didn't understand the approach; in other editorials, the critic is exercising his Internet-given privilege to flame. More... |
Anatomy of a Phishing Expedition Phishing is a serious problem, but it really is an ailment we can manage with education rather than technology. I've written a complementary article to my LOOP article, Recognizing and responding to spoof email messages. The Wordspy defines phishing as, "Creating a replica of an existing
Web page to fool a user into submitting personal, financial, or password data".
A phishing expedition is a two-pronged attack. First, the phisher creates a
spoof email message: posing as a legitimate e-merchant operator, the phisher
tries to lure a victim into visiting a web page. More... Anti-phishing Plug-in for IE, Firefox The FraudEliminator Toolbar, freeware version, offers interesting anti-phishing features. This toolbar is also available for IE and Firefox. Yes, I shudder when I use the word "toolbar" these days, but FraudEliminator is worth a look. For more, read my weblog #430 and #428. Do you trust your online banking home page? More precisely, has your bank made it impossible for you to do so? After reading Adam Shostack's blog item at Emergent Chaos, How not to train users, and following the thread begun by Peter Gutmann on the Cryptography mailing list, US Banks: Training the next generation of phishing victims, I wonder once again why we always sacrifice security for performance.More... |
|
Care and Handling of Credit and Personal Information Despite the real and present dangers Internet Identity Thefts, Phishing and email scam attacks pose, we cannot afford to overlook measures we can take to protect our identities and credit from attacks in the real (physical) world. Financial institutions, law enforcement agencies and attorneys recommend a number of ways you can protect against credit card theft and misuse, check fraud, and unintentional disclosure of personal information that can be used by impersonators, extortionists and other malicious or malevolent persons. More... |
|
Please make use of the resources on this page to help protect yourself, your family, and your company from Phishing attacks and Identity Theft.
You may also find Corecom's Spyware Resources page valuable as well.
My Weblog also contains information about spyware, phishing, viruses and worms.
Action Groups and Activists
Anti Phishing Working Group
CAUCE
Privacy Rights Clearinghouse
US-CERT
SecurityFrauds.org
Internet Fraud Complaint Center
National Consumers League
HoaxBusters
The Privacy Toolbox: 100 Guides and Resources for Keeping Your Personal Information Safe
SpoofKillers
The Inter-Net Fraud League (I-NFL) Hall of Shame
Facts, Statistics, Surveys, Lists of Phishing Attacks
MailFrontier Email Threat InfoCenter
Phishing IQ Test: MailFrontier
Lifespan of a Phishing Site: Netcraft
Phishing Attacks Using Banner Ads to Spread Malware
Phishing Lures Increase by Half, David Legard
Phishing Scams Increase 1,200% in 6 Months: Sharon Gaudin
Cost of Phishing hits $1.2 Billion: Sean Michael Kerner
Phishing for suckers: eMarketer
Phishing Attacks Still Rising: Techweb News
Phishing attacks up by 50 percent per month: The Industry Standard
Phishing Archive : AntiPhishing.org
Articles
General
Anatomy of a Phishing Expedition: Dave Piscitello
Phishing: Russel Kay
What you need to know about phishing: Microsoft
How to not get hooked by a 'phishing' scam: FTC
Phishing: Spam that can't be ignored: ZDNet TechUpdate
Responding to "Phishing" Attacks: Glenbrook Partners
The Phishing Guide: Gunter Ollman
What is Phishing?: Webopedia
Phishing for Savvy Users: Scott Granneman
Phishing: Russell Kay
Phishing: Computerworld
Scam Alert: Watch Out for "Phishing" Emails: Privacy Rights Clearinghouse
Executive Conversation: Attacking the Phishing Threat - What Every Company Needs to Know: Melisa LaBancz-Bleasdale
Phear of Phishing: Deborah Radcliffe
Cheat Sheet: Phishing: Will Sturgeon
Phishing con hijacks browser bar: BBC News
Phishing Attacks: NW Fusion
Identity Theft gets phishy: Brad Grimes
Brief guide to phishing: Matt Bright
The Future of Phishing: Dr. Jonathan Tuliani
On Identity Theft: Spoof Email Phishing Scams and Fake Web Pages or Sites: Mat Bright
Phishing for dummies: hook, line, and sinker Scott Granneman
Phishing: Spam that cannot be ignored: David Berlind
What is Phishing
Recognizing Phishing and Avoiding Identity Theft
Recognizing and responding to spoof email messages: Dave Piscitello
Online Predators Revealed: Chris Powell
phishing (definition): Wordspy
Security Tips: Email and Web: Visa
Avoiding Social Engineering and Phishing Attacks: US CERT
Phishing: Can software stop it?: Alorie Gilbert
Preventing Online Fraud: Microsoft
Beware of Phishing: Better Business Bureau
Spoofing, Phishing, and Online Identity Theft: Examples: Stephen Cobb
Spotting a Spoof Email eBay Security Center
Help Stop Deceptive E-mail Forgery ("Spoofing") Amazon.com
Phishing and Instant Messaging
Phishing Dips into Yahoo IM: Matt Hicks
Phishing Scam Targets Instant Messaging Users: Liberty Identity Theft Services
Phishers change bait as IM use grows: Munir Kotadia
IM Users Need Better Education About Phishing Dangers: John Dickinson
Phishing evolves to IM
Enabling the Complaint Department: Marcus Ranum
Legal Advice, Fraud Prevention Resources
Identity Thief Goes Phishing for Consumers Credit Information: FTC
Special Report on "phishing": US Department of Justice
Phishing Phacts: Better Business Bureau
FBIIC and FSSCC Report on Preventing, Detecting, and Responding to Phishing Attacks: US Treasury
How to protect yourself: Phishing lorida State Attorney General
Fraud Prevention Wachovia Bank
Phishing scams: 5 ways to help protect your identity: Microsoft
Email, Phishing and Security Tips: Visa USA
Phishing tricks: escape the phish hook
Law Enforcement, Victim Assistance, Phish Reporting Sites
Internet Fraud Complaint Center
How Law Enforcement can contact eBay eBay Security Center
Square Trade Dispute resolution for eBay
Better Business Bureau
PhishTank
4-1-9 Scams
CIAC Hoaxbusters on 4-1-9
U.S. Secret Service: 4-1-9 Scam Advisory
Urban Legends: on 4-1-9
The 419 Coalition Website
Client & Consumer Anti-spam solutions and Phishing Toolbars
Anti-fraud toolbars can block users from accessing web pages that have been identified as phishing and fraud sites. Various black list databases are maintained and some of these toolbars allow users to report suspicious sites. I've tried all these toolbars to verify they are not spyware. Some are very simple to use while others have more bells and whistles. Try a few and choose one that you're comfortable with.
Microsoft© Phishing Filter for Internet Explorer 7.0
GeoTrust TrustWatch Anti-Fraud Toolbar for Internet Explorer
Netcraft Anti-Phishing Toolbar for Internet Explorer and Firefox
FraudEliminator for Internet Explorer and Firefox
Corestreet's SpoofStick for Internet Explorer
WebRoot's phishnet
EarthLink Scambuster
TrustBar
PhishTank Site Checker Toolbar
Anti-Phishing, Anti-scam, Anti-Spam Companies
Message Level (Authenticated email)MailFrontier Matador
Digital Envoy eScam
Spam Inspector
Tumbleweed Anti-Spam and Email Security
WholeSecurity behavioral endpoint security
Name Protect Digital Asset Protection
SurfControl
CipherTrust
SpamStopsHere [White Paper]
MailFoundry
WebSense