You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by ha...@t-online.de on 2012/04/23 05:31:16 UTC
Re: why don't banks do more against phishing?
>> OT but related
>>
>> I just got a bunch of phishing attacks against a bank come through.
>> Following the link leads me to some owned website with the fake bank
>> frontend - and it had a feature that I've seen time and time again:
>> images and links from the real banksite
>>
>> Why don't banks rub two braincells together and start monitoring the
>> referrers on their primary webpages (eg logos, terms and conditions) and
>> return a "RUN AWAY!!! IT'S A TRAP!!!" page whenever someone views the
>> phishing sites? The Referrer header would allow that instantly
>>
>> They really don't give a damn do they...
>>
Hi Jason,
a) phishers would probably move to hosting their own copies of the logos
b) some users of image resizers would see the warning sign reduced
(I recently had someone complain about an error on our google maps "our office is here"
page, and it turned out the visitor was using a smartphone via an image resize service)
Regards
Wolfgang
Re: why don't banks do more against phishing?
Posted by Dave Warren <li...@hireahit.com>.
On 4/22/2012 8:31 PM, hamann.w@t-online.de wrote:
> a) phishers would probably move to hosting their own copies of the logos
Yup. However, spammers haven't completely adapted to greylisting, and
still spam from SBL/ZEN listed IPs, so perhaps this would catch some of
the long-hanging fruit?
> b) some users of image resizers would see the warning sign reduced
> (I recently had someone complain about an error on our google maps "our office is here"
> page, and it turned out the visitor was using a smartphone via an image resize service)
Were you tripping on a lack of referrer, or was an image resizing
service actually returning a completely incorrect referrer? When
attacking phishing websites who are abusing legitimately hosted images,
you should be able to return the correct image for requests that are
completely missing a referrer, it's only when you get a third-party site
in the referrer that you should return the "This is a phishing site!" image.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren