Streaming Music To Your Phone?
The Nintendo Surgeon

Can Teamwork Stop Phishing?

Scams

from the wishful-thinking... dept

Mon, Dec 20th 2004 12:30amMike Masnick
While eBay seems to be moving away from email as a method to stop phishing scams, a number of common phishing targets have all teamed up to "share" info on phishing scams. I'm sure the phishing site operators are really, really afraid now. While, it obviously can't hurt for these companies to share info, that's hardly a major initiative to stop phishing from happening. These companies should have realized a long time ago the importance of sharing information -- and, if anything, it's a bit scary that they've only decided to do so at this point. As we've pointed out before, phishing is at its core a bit of social engineering designed to trick people into believing something. It's not so much a technical trick (though, technical tricks are being used to help move along the charade), and attempts by tech companies to take a tech approach to solving the issue may find it much more difficult than they imagined.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

4 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Ina Steiner, 20 Dec 2004 @ 9:22am

    No Subject Given

    Too true. I've been writing about PayPal phishing since June 2002. The only way to avoid phishing scams is to never click on a link to a log-in page, yet I continue to get emails from financial insitutions with such links. All companies need to emphasize that users should log-in to their accounts through their browswers. There is no technology fix for scams involving social engineering. It's appalling the lack of industry cooperation with regard to fraud, this will hurt ecommerce.

    link to this | view in thread ]

  2. identicon
    Anonymous, 20 Dec 2004 @ 11:08am

    No Subject Given

    Just a curiousity thing that I've always wondered about Phishing scams: The good looking, but bogus, link points somewhere... How come the bogus server is on the air 10 minutes after the legitimate institution gets a copy of the phish? I.E. Why doesn't Citibank, Paypal, whomever go after the server with all guns blazing? These things are clear fraud, they should be able to get law enforcment engaged very quickly and raid the site?

    link to this | view in thread ]

  3. identicon
    anonymous, 20 Dec 2004 @ 11:41am

    phishing

    The best way to discourage phishing is to encourage everyone to respond with bogus information--flood the phishers with noise.

    link to this | view in thread ]

  4. identicon
    Phish Phinder, 25 Dec 2004 @ 7:35am

    Citizens stop phishing on their own?

    Maybe someone's already doing this, maybe it's time someone did. Why doesn't someone develop a "shared bandwidth" 1-time DoS hub and allow volunteers to first verify a phishing site (multiple people for authenticity) and allow 'members' of the site to donate a very small part of their bandwidth each to hammer on the phishing site(s)? I believe it could be legal if the volunteers who were *cough* "looking at the phishing site to see if it were still online" just had a browser on refresh... for most of these phishing sites.. they are going to choke/be rendered useless, or have the plug pulled for exceeding allowed bandwidth very quickly. Safeguards and checks would have to be put in place.. obviously... but the sequence would go something like:
    1. Phishing Site Reported
    2. Notice sent to 'verification team' a team of verified volunteers who would each login to a hub/secure server to approve/disapprove the 'listing' of the reported site.
    3. When x-number of 'verifications' happen.. the site is listed online or sent via dispatch to the "browsing volunteers".
    4. They 'browse the site' until they receive notice it's down. Once notice is received... they give the ISP back his bandwidth.
    Is it vigilantism or is it civil justice? We built the Internet, we the global users also must protect it. IF I see enough positive responses to the idea, I will donate or assist with building a hub for the purpose.

    link to this | view in thread ]


Streaming Music To Your Phone?
The Nintendo Surgeon
Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

Friday

19:39 Important Announcement: Techdirt Is Migrating To A New Platform (0)
More arrow

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.