Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Teaming Up to Educate and Enable Better Defense Against Phishing
Newest First  |  Oldest First  |  Threaded View
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
5/14/2015 | 8:44:08 AM
Re: 1,500 Phish a Month
Ah ok, thanks for clarifying. I would imagine pulling sites is based on a "level of integrity" basis. This makes much more sense, thanks again for elaborating.
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
5/14/2015 | 8:39:37 AM
Re: 1,500 Phish a Month
I don't mean to call out a single site, but I happen to like OpenDNS who developed PhishTank.  I think the value in DBs like this is based upon the fact that data does rapidly change for phishing sites.  With a model like PhishTank where you can develop your own anti-phishing apps against an OpenDNS API, you can actually rapidly log and pull sites, cross-reference and protect with fairly high accuracy.  Nothing's perfect, of course.  Like any spam filter your phishing filter will have flaws, but as the DB, the data and the apps developed to use them mature, their usefulness will become much more clear. 
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
5/14/2015 | 8:17:43 AM
Re: 1,500 Phish a Month
I'm interested in this statement, "I like projects like PhishTank where you can report suspected phishermen and slowly build a database of confirmed malicious emailers."


Could you elaborate more to the value this provides? It's very easy to change email addresses so I don't see how the database would be overly effective. The source could easily pivot and keep on going with the recipient database they have. Thanks,
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
5/14/2015 | 2:41:02 AM
1,500 Phish a Month
Between all my email accounts, I've estimated that I get roughly 1,500 phish a month.  Mind you, this isn't junk mail - these are emails that contain verbiage and links designed to extract information, to get me to login to a site with a pretense that ideally will convince me to use credentials tied to my finances, etc.  

My way of dealing with this is simple.  I've built a dictionary that is a compilation of keywords and phrases culled from this monthly mountain of madness.  Line up with any number of individual keywords or phrases, and my filters are permanently deleting you, after logging a tick for your status as "another one of those..."

Of course, this is not what I want to do.  I'd rather respond back in kind, perhaps with a bit more venom in the response, and crush them at their own game.  Phish for my banking credentials, get hit with a virus in return.  Of course, the problem is even the most talented of InfoSec pros have a hard time tracing phish back to their home schools...

I like projects like PhishTank where you can report suspected phishermen and slowly build a database of confirmed malicious emailers.  It's not as glamorous as dropping the phisherman by sending back a shark, but it does a public service in pulling together victims of common crimes to aid others avoid being hit.

In time, these databases will be valuable and just having access to them could eventually come at a price.  Jump on them now while most are still free.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-44093
PUBLISHED: 2021-11-28
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell
CVE-2021-44094
PUBLISHED: 2021-11-28
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file
CVE-2021-4020
PUBLISHED: 2021-11-27
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23654
PUBLISHED: 2021-11-26
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via C...
CVE-2021-43785
PUBLISHED: 2021-11-26
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious...