ISC: Advice on Preventing Phishing Attacks


#1 harrywaldron (Security Reporter, Members, 509 posts)

Posted 13 February 2005 - 07:14 PM

Internet Storm Center - Advice on Preventing Phishing Attacks
http://isc.sans.org//diary.php?date=2005-02-12

PDF - Advice on Preventing Phishing Attacks
http://isc.sans.org/presentations/phishthat.pdf

Progressively, phishers have taken great pains to include real code from the real site they are spoofing. For example, if you click on any of the links of the phishing/fake site, it will take you to the actual real site pages. But over at the real site, the real site should be able to see the referral URL that sent you there. If the real site is getting visitors referred by any URL other than its own, then it should actively create a page with a big fat warning banner at the top saying that it is likely the user was just at a fake site. Note that referring URLs can come from legitimate locations, like a local business directory or something similar. Here are some of the techniques discussed that website owners can consider to detect whether their sites could possibly be targeted by phishers:

Some recommendations:

* Use cookies to track deep-linking visitors (set a cookie for visitors arriving at the main page, then use it to track state; alarm visitors who do not have a top-level non-persistent cookie).
* Filter referral URLs coming from sites unrelated to the bank (easier said than done, but a default deny rule would be a good place to start, particularly for the deep links).
* Provide an email address to handle questions and a FAQ.
* Use warning banners to educate users.
* Even better - issue all of your customers an X.509 cert that they install in their browsers and don't accept business transactions unless the certificate is valid (also easier said than done).
* Equip all customers with a hardware token generating an OTP (another easier-said-than-done item, but it has been implemented on at least one site).
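The referrer-filtering and entry-cookie checks from the first two recommendations, as an added example that is not part of the original post or of the ISC material it summarizes. The bank and directory host names, the cookie name, the banner text and the sample requests are all constructed for illustration; the request headers are modelled as a plain dict.

```python
"""Referrer and entry-cookie check for deep links, in the spirit of the ISC advice.
Added example (not ISC's or the poster's code). Host names, the cookie name and the
sample requests are constructed for illustration."""
from http.cookies import CookieError, SimpleCookie
from urllib.parse import urlsplit

# Our own hostnames: referrals from here are normal navigation (assumed values).
OUR_HOSTS = {"www.example-bank.test", "example-bank.test"}
# Third parties allowed to deep-link, e.g. a local business directory (assumed).
# Anything not in OUR_HOSTS or here is denied by default, as the note suggests.
ALLOWED_REFERRER_HOSTS = {"directory.example.test"}
# Non-persistent cookie set when a visitor enters through the front page (assumed name).
ENTRY_COOKIE = "entered_front_door"
# Paths that are the "top" of the site; every other path counts as a deep link.
FRONT_PAGES = {"/", "/index.html"}

WARNING_BANNER = (
    '<div class="phish-warning">WARNING: you reached this page from a site that is not '
    "ours. If you just typed your password into another page, it may have been a fake. "
    "Contact us before continuing.</div>\n"
)


def referrer_host(headers):
    """Hostname from the Referer header, or None if it is absent or unparseable."""
    ref = headers.get("Referer")
    if not ref:
        return None
    try:
        return urlsplit(ref).hostname
    except ValueError:
        return None


def has_entry_cookie(headers):
    """True if the request carries the front-door cookie."""
    jar = SimpleCookie()
    try:
        jar.load(headers.get("Cookie", ""))
    except CookieError:
        return False
    return ENTRY_COOKIE in jar


def classify(path, headers):
    """Classify one request (headers is a dict with exact-case keys, an assumption).

    Returns one of:
      'front-page'       landing on the main page; the caller sets ENTRY_COOKIE
      'ok'               deep link with our cookie and no foreign referrer
      'foreign-referrer' referred by a host that is neither ours nor allow-listed
      'cold-deep-link'   deep link without the entry cookie (never passed the front page)
    """
    if path in FRONT_PAGES:
        return "front-page"
    host = referrer_host(headers)
    if host is not None and host not in OUR_HOSTS and host not in ALLOWED_REFERRER_HOSTS:
        return "foreign-referrer"
    if not has_entry_cookie(headers):
        return "cold-deep-link"
    return "ok"


def respond(path, headers, page_html):
    """Build the reply: set the entry cookie on the front page, prepend the banner otherwise."""
    verdict = classify(path, headers)
    out_headers = {"Content-Type": "text/html"}
    if verdict == "front-page":
        # No Expires/Max-Age, so the cookie dies with the browser session.
        out_headers["Set-Cookie"] = f"{ENTRY_COOKIE}=1; Path=/; Secure; HttpOnly"
    if verdict in ("foreign-referrer", "cold-deep-link"):
        page_html = WARNING_BANNER + page_html
    return verdict, out_headers, page_html


# Constructed sample requests: (path, headers, expected verdict).
SAMPLE_REQUESTS = [
    ("/", {}, "front-page"),
    ("/account/transfer",
     {"Referer": "https://www.example-bank.test/account/", "Cookie": "entered_front_door=1"}, "ok"),
    ("/account/transfer",
     {"Referer": "https://directory.example.test/banks", "Cookie": "entered_front_door=1"}, "ok"),
    ("/account/transfer",
     {"Referer": "https://login-verify.phish.test/secure.html", "Cookie": "entered_front_door=1"},
     "foreign-referrer"),
    ("/account/transfer", {}, "cold-deep-link"),
]


def run_samples():
    """Return [(path, referrer host, verdict)] for the constructed requests."""
    return [(path, referrer_host(h), classify(path, h)) for path, h, _ in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for path, host, verdict in run_samples():
        print(f"{verdict:17} {path} (referrer host: {host})")
```

Both signals are advisory, which is why the example only prepends a banner rather than refusing the page: browsers omit Referer in several situations (privacy settings, and on a transition from an HTTPS page to an HTTP one), and a phishing page can open the real site in a way that sends no referrer at all, so the cold-deep-link branch is what catches that case, and it also fires for innocent bookmark and typed-URL visits. The allow-list handles the legitimate directory referrals the note mentions; everything else falls under the default-deny rule.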
