Comments
Teaming Up to Educate and Enable Better Defense Against Phishing
RetiredUser,
User Rank: Ninja
5/14/2015 | 2:41:02 AM
1,500 Phish a Month
Between all my email accounts, I've estimated that I get roughly 1,500 phish a month. Mind you, this isn't junk mail - these are emails that contain verbiage and links designed to extract information, to get me to log in to a site with a pretense that ideally will convince me to use credentials tied to my finances, etc.

My way of dealing with this is simple.  I've built a dictionary that is a compilation of keywords and phrases culled from this monthly mountain of madness.  Line up with any number of individual keywords or phrases, and my filters are permanently deleting you, after logging a tick for your status as "another one of those..."

Of course, this is not what I want to do.  I'd rather respond back in kind, perhaps with a bit more venom in the response, and crush them at their own game.  Phish for my banking credentials, get hit with a virus in return.  Of course, the problem is even the most talented of InfoSec pros have a hard time tracing phish back to their home schools...

I like projects like PhishTank where you can report suspected phishermen and slowly build a database of confirmed malicious emailers. It's not as glamorous as dropping the phisherman by sending back a shark, but it does a public service in pulling together victims of common crimes to help others avoid being hit.

In time, these databases will be valuable and just having access to them could eventually come at a price.  Jump on them now while most are still free.
RyanSepe,
User Rank: Ninja
5/14/2015 | 8:17:43 AM
Re: 1,500 Phish a Month
I'm interested in this statement: "I like projects like PhishTank where you can report suspected phishermen and slowly build a database of confirmed malicious emailers."

Could you elaborate more on the value this provides? It's very easy to change email addresses so I don't see how the database would be overly effective. The source could easily pivot and keep on going with the recipient database they have. Thanks,
RetiredUser,
User Rank: Ninja
5/14/2015 | 8:39:37 AM
Re: 1,500 Phish a Month
I don't mean to call out a single site, but I happen to like OpenDNS, who developed PhishTank. I think the value in DBs like this is based upon the fact that data does rapidly change for phishing sites. With a model like PhishTank where you can develop your own anti-phishing apps against an OpenDNS API, you can actually rapidly log and pull sites, cross-reference and protect with fairly high accuracy. Nothing's perfect, of course. Like any spam filter your phishing filter will have flaws, but as the DB, the data and the apps developed to use them mature, their usefulness will become much more clear.
RyanSepe,
User Rank: Ninja
5/14/2015 | 8:44:08 AM
Re: 1,500 Phish a Month
Ah ok, thanks for clarifying. I would imagine pulling sites is based on a "level of integrity" basis. This makes much more sense, thanks again for elaborating.
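
An added example, not written by any commenter above and not PhishTank or OpenDNS code: a minimal filter that combines the two ideas in this thread, a keyword/phrase dictionary with a tick logged per hit, and a cross-reference of each linked host against a database of reported phishing sites. The phrase list, the host set (a stand-in for a locally stored snapshot of such a database), the sample messages and all function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample data: not real indicators, not PhishTank output.
PHRASES = ["verify your account", "confirm your password", "unusual sign-in activity"]
REPORTED_HOSTS = {"login.bank.example", "secure-update.example"}  # stand-in for a feed snapshot
URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)

def normalize_host(url):
    """Lower-case the host and drop a trailing dot and a leading 'www.'."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return ""
    return host[4:] if host.startswith("www.") else host

def host_is_reported(host, reported):
    """Match the host or any parent domain, stopping before the bare TLD."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in reported for i in range(len(labels) - 1))

def classify(body, tally):
    """Return (verdict, phrase_hits, host_hits) and log one tick per hit."""
    text = " ".join(body.lower().split())  # fold case, collapse line wraps
    phrase_hits = [p for p in PHRASES if p in text]
    hosts = {normalize_host(u) for u in URL_RE.findall(body)}
    host_hits = sorted(h for h in hosts if host_is_reported(h, REPORTED_HOSTS))
    tally.update(phrase_hits + host_hits)
    return ("delete" if phrase_hits or host_hits else "deliver"), phrase_hits, host_hits

SAMPLES = [  # constructed messages
    "Dear customer,\nWe noticed unusual sign-in\nactivity. Please verify your   "
    "account at http://WWW.Login.Bank.example/reset?id=1 today.",
    "Lunch at noon? Menu: https://cafe.example/menu",
    "Invoice attached: https://cdn.secure-update.example/inv.pdf",
]

def run_samples():
    tally = Counter()
    return [classify(m, tally) for m in SAMPLES], tally

if __name__ == "__main__":
    results, tally = run_samples()
    for result in results:
        print(result)
    print(tally.most_common())
```

The third sample contains no dictionary phrase and is caught only by the host cross-reference, which is the case where a shared database adds something a personal keyword list cannot.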