IT security, vunerabilities, bugs, fixes, flaws, RSA conference and Infosec.

« So many passwords, so little time | Main | Jottings and dashing »

Gone phishing

The secret to a successful phishing scam is to have the right bait. And the secret to exposing a phishing scam and leaving it dead in the water is to make sure that this bait is not attractive.

This nefarious practice attempts to part unwary internet users from their sensitive financial details by tricking them into logging into a maliciously crafted website that is designed to look like their bank's log-in page.

It is testimony to the fast-growing threat that Microsoft, eBay, PayPal and Visa have clubbed together in a bid to pour cold water over the phishers.

The industry giants have created the Phish Report Network. Billed as the internet industry's first worldwide anti-phishing aggregation service, the service is to be applauded for taking at least a step in the right direction by effectively creating a blacklist of known phishing sites.

It's far from perfect as the phishers will inevitably just move on after a scam site is compromised, but at least it's a start.

February 15, 2005 | Permalink


Is there to be a central website or e-mail address to which users can report phishing attempts?

Posted by: J L A Hartley | February 15, 2005 06:00 PM

Post a comment