Fighting phishing

Topic

New Reply

How about we collect links in this thread to resources about phishing attacks and how to fight them?

This showed up in my e-mail today: MailFrontier eMail Security Update Newsletter

Reply | Quote

Replies

You mean like this:
Anti-Phishing Working Group
Cut the Line on Phishing Scams
Avoiding Social Engineering and Phishing Attacks

DaveA I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living

Reply | Quote

You mean like this:
Anti-Phishing Working Group
Cut the Line on Phishing Scams
Avoiding Social Engineering and Phishing Attacks

DaveA I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living

Reply | Quote

Has anyone used Earthlink’s toolbar, which is apparently available for everyone? I haven’t, but just read about it in one of Dave’s links here.

Reply | Quote

A lot of this advice can be summarized as ‘be suspicious’. Not bad advice IMO but not advice that a lot of people are inclined to follow. (Even I feel that there’s already too much paranoia in our world. But then I seem to be able to treat suspicion as ‘wait & see’ while most people I know treat suspicion as ‘be afraid’.)

Anyway, what I think is needed is changes by the institutions most impersonated. Too many of them seem dedicated to making it hard to contact them-either no email address at all or an email address to which nobody responds. The last time I tried to contact eBay about a possible fraud I spent a good 10 minutes figuring out how-and even then it was a form, not an email. Apparently the only fraud in which they are interested is if it concerns an auction. (Even worse, many people dislike ‘reporting’ something as fraud when all they really want to do is ask whether or not it is a fraud.)

Toolbars showing actual sites are OK, but I’d rather stay away from a phishing site vs. go there & then find out what it is.

Reply | Quote

I just read a really good article at CBS Marketwatch “Spyware sneaks up on PC Users”, with the subtitle “Consumer Reports: few users take steps to thwart threat”. One of the most simple though innovative bits of thinking I’ve seen in a while was this tidbit of advice:[indent]

---

Another way to protect against phishing, Consumer Reports said, is to give an incorrect password on the first try. A phishing site will accept an incorrect password, while a legitimate site won’t.

---

[/indent]Talk about a solution staring you right in the face!

Reply | Quote

Now THAT is a great idea … oh, wait. That means I have to be able to remember the *wrong* password now …

Reply | Quote

I’ll second that. And I have no problem remembering wrong passwords-now if I could only do as well with the right ones…

Reply | Quote

I’ll second that. And I have no problem remembering wrong passwords-now if I could only do as well with the right ones…

Reply | Quote

Now THAT is a great idea … oh, wait. That means I have to be able to remember the *wrong* password now …

Reply | Quote

Fantastic!! It’s one of those, why didn’t I think of that. Of course, I’ve had emails that say that they deleted all passwords & profiles because of a security breach & to enter a new password…along with your SS#, credit card number, etc., but this should work on a number of sites.

Reply | Quote

Fantastic!! It’s one of those, why didn’t I think of that. Of course, I’ve had emails that say that they deleted all passwords & profiles because of a security breach & to enter a new password…along with your SS#, credit card number, etc., but this should work on a number of sites.

Reply | Quote

The free version of CR’s article is available from the middle column on the home page (direct links don’t work with the Lounge scripts). The ratings cost money.

Reply | Quote

The free version of CR’s article is available from the middle column on the home page (direct links don’t work with the Lounge scripts). The ratings cost money.

Reply | Quote

I just read a really good article at CBS Marketwatch “Spyware sneaks up on PC Users”, with the subtitle “Consumer Reports: few users take steps to thwart threat”. One of the most simple though innovative bits of thinking I’ve seen in a while was this tidbit of advice:[indent]

---

Another way to protect against phishing, Consumer Reports said, is to give an incorrect password on the first try. A phishing site will accept an incorrect password, while a legitimate site won’t.

---

[/indent]Talk about a solution staring you right in the face!

Reply | Quote

A lot of this advice can be summarized as ‘be suspicious’. Not bad advice IMO but not advice that a lot of people are inclined to follow. (Even I feel that there’s already too much paranoia in our world. But then I seem to be able to treat suspicion as ‘wait & see’ while most people I know treat suspicion as ‘be afraid’.)

Anyway, what I think is needed is changes by the institutions most impersonated. Too many of them seem dedicated to making it hard to contact them-either no email address at all or an email address to which nobody responds. The last time I tried to contact eBay about a possible fraud I spent a good 10 minutes figuring out how-and even then it was a form, not an email. Apparently the only fraud in which they are interested is if it concerns an auction. (Even worse, many people dislike ‘reporting’ something as fraud when all they really want to do is ask whether or not it is a fraud.)

Toolbars showing actual sites are OK, but I’d rather stay away from a phishing site vs. go there & then find out what it is.

Reply | Quote

Has anyone used Earthlink’s toolbar, which is apparently available for everyone? I haven’t, but just read about it in one of Dave’s links here.

Reply | Quote

Current issue of Consumer Reports discusses phishing, etc.

Reply | Quote

That’s what we’re saying, dude.

Reply | Quote

That’s what we’re saying, dude.

Reply | Quote

Current issue of Consumer Reports discusses phishing, etc.

Reply | Quote